Adding a SAINT Security Suite Vulnerability Scanner in JSA
JSA uses the SAINT API to collect and import scan reports from your SAINT Security Suite appliance.
Before you can add the SAINT Security Suite vulnerability scanner in JSA, you need to complete the following steps:
- Log in to the JSA Console.
- Click the Admin tab.
- Click the VA Scanners icon, and then click Add.
- In the Scanner Name field, type a name to identify your SAINT Security Suite scanner.
- From the Managed Host list, select the managed host from your JSA deployment that manages the scanner import.
- From the Type list, select SAINT Security Suite Scanner.
- In the Remote API Hostname field, type the IP address or the host name for the SAINT API.
- In the API Port field, type the SAINT API port number. For more information about the API port, go to Obtaining the SAINT API Port Number.
- In the API Token field, type the SAINT API token. For more information about the SAINT API token, go to Obtaining the SAINT API Token.
- From the Scan Type list, select one of the
following scan type options:
JSA creates and runs a new scan on the SAINT Security Suite appliance. After the scan completes, JSA collects and imports a scan report from the SAINT Security Suite appliance.
JSA collects and imports scan reports for all scans that are already on the SAINT Security Suite appliance that match the following requirements.
The scan is not older than the age specified in the Max Report Age field.
The scan level of the scan matches the specified Scan Level.
The target map of the scan has at least one IP address in common with the CIDR range.
This option does not start new scans on the SAINT Security Suite appliance. To collect accurate results, ensure that relevant, regularly run scans are scheduled on the SAINT Security Suite appliance.
- From the Scan Level list, select a scan level that you
want to use from the following options.
On the SAINT Security Suite appliance and in SAINT Security Suite documentation, scan levels are referred to as scan policies. For more information OVAL/SCAP scans, go to the SAINT Security Suite documentation website . From the navigation pane, click
User Guide > SCAP.
SAINT collects information to get the general character of a host and establishes the operating system type and, if possible, the software release version.
The Heavy/Vulnerability Scan level is also known as the heavy policy. SAINT looks for services that are listening on TCP or UDP ports. Any services that are detected are scanned for any known vulnerabilities. This scan includes SAINT's entire set of vulnerability checks, and is the scan policy that SAINT suggests you use in most situations.
SAINT scans the targets and determines which targets have live hosts. This scan level only completes the minimum scanning that is required to identify live hosts. Therefore, the Discovery scan is not very intrusive.
SAINT identifies services that are listening on TCP or UDP ports.
SAINT detects web directories on the targets by scanning ports for web services, and then finds directories by following HTML links, starting from the home page.
SAINT looks for SQL injection and cross-site scripting vulnerabilities on web servers. Both generic tests are included. SAINT finds HTML forms and tests all parameters for SQL injection and cross-site scripting, and then checks for known SQL injection and cross-site scripting vulnerabilities.
SAINT looks for missing Windows patches. Most of the checks for Windows patches require Windows domain authentication.
SAINT searches files on Windows and Linux/Mac targets for credit card numbers, social security numbers, or any other patterns that are specified. Authentication is needed. If you are scanning a Linux/Mac target, SSH must be enabled.
SAINT scans the targets by using all vulnerability checks that are relevant for Payment Card Industry and Data Security Standard (PCI DSS) compliance.
Information is collected about installed AV software, such as last scan date, enabled, definition file dates, and other information that is useful for auditing requirement 5 of the PCI DSS. Information is also collected for Windows versions for many of the AV software products, such as McAfee, Symantec, AVG, F-Secure, MS Forefront, and Trend Micro. Authentication is needed. Facts that contain the string '(Master)' indicate that an anti-virus server, manager, or admin is installed on the target.
SAINT scans the targets by using all vulnerability checks that are relevant for Federal Information Security Management Act (FISMA) compliance.
SAINT authenticates against the targets by using the credentials that are specified when adding a vulnerability scanner.
Win Password Guess
Completes password guess checks against Windows targets by using the password guess and password dictionary configuration options. Authentication is suggested for SAINT to enumerate accounts.
Microsoft Patch Tuesday
Checks for the last published Microsoft patch Tuesday vulnerabilities on the second Tuesday of each month. This scan level and associated content are usually updated by SAINTexpress by noon on Wednesday.
Web Scan (OWASP Top 10)
Checks for vulnerabilities in web servers and web applications, such as SQL injection, cross-site scripting, unpatched web server software, weak SSL ciphers, and other OWASP Top 10 vulnerabilities. It also enables file content checks. Authentication might be necessary for some of the checks that are included.
IAVA (Maps CVEs to IAVA codes)
SAINT scans the targets by using all vulnerability checks that are relevant for Information Assurance Vulnerability Alert (IAVA) compliance.
OS Password Guess
Includes all SAINT password guess features that are designed to guess the operating system password. This policy includes checks for default FTP passwords, and dictionary-based password guesses through Telnet, SSH, and FTP. Authentication is suggested to ensure user account enumeration.
SAINT scans the targets by using all vulnerability checks that are relevant for North American Electric Reliability Corporation and Critical Infrastructure Protection (NERC CIP) compliance.
Generates a list of software that is installed on Windows targets. Authentication is needed. The software list is generated by enumerating the uninstall key in the Windows registry. Only software that was registered with the operating system during installation is included. Software that was placed on the system without running an installer program is usually omitted. Registered software that was incorrectly removed from the system might be included in the list after removal.
SAINT scans the targets by using all vulnerability checks that are relevant for Health Insurance Portability and Accountability Act (HIPAA) compliance.
SAINT scans the targets by using all vulnerability checks that are relevant for Sarbanes-Oxley Act (SOX) compliance.
The Mobile Device scan level queries Active Directory servers for information about mobile devices that use Exchange ActiveSync, and then uses that information to suggest vulnerabilities on those devices. The devices are listed in the scan results as separate targets even though those targets are not scanned.
For this scan level to succeed, OpenLDAP must be installed on the scanning host, and the scan must run with Windows domain administrator credentials. For more information about Authentication, go to the SAINT Security Suite documentation website - Step 4 – Authentication.
The target list must include at least one Active Directory server, and the SSL certificate for that Active Directory server is installed and configured on the scanning host. For more information about Windows Targets, go to the SAINT Security Suite documentatin website - Authenticating to Windows Targets.
Checks for vulnerabilities in routers, switches, and other networking devices.
Runs an OVAL/SCAP scan.
For more information about OVAL/SCAP scans, go to the SAINT Security Suite documentation website. From the navigation pane, click User Guide > Using SAINT > SCAP.
For more information about SAINT scan parameters, go to the SAINT Security Suite documentation website and complete the following steps. From the navigation pane, click User Guide > Using SAINT > Jobs Tab.
- If you selected OVAL Scan from the Scan Level list, type the name of the scan policy that you want to use in the OVAL Scan Policy Name field. OVAL/SCAP scans are types of scans that are based on benchmarks that are collected from authoritative sources.
- If you selected Live Scan for the scan type,
provide the scan target credentials that are used to authenticate
targets during scans. From the Scan Target Credentials Type list, select one of the following options for the credentials that
you want to use:
Scan Target credentials are ignored when Report Only is selected for the scan type.
Do not use any credentials.
Use credentials for basic HTTP credentials.
Use credentials for connecting to a Linux, UNIX, or Mac server through SSH.
Microsoft SQL Server
Use credentials for connecting to a Microsoft SQL Server database.
Uses credentials for connecting to an Oracle database.
Use credentials of an administrator account on a Windows server.
Use credentials of a non-administrator account on a Windows server.
Use credentials for connecting to a MySQL database.
Use SNMPv3 credentials.
- If you selected any of the options, except for the None option from the Scan Target Credentials Type list, configure the following parameters for the Scan Target
Credentials that you selected:
Scan Target Credentials Username
The user name for the scan target credential that you selected.
Scan Target Credentials Password
The password for the scan target credential that you selected.
- Optional: If you selected Linux/Unix/Mac (SSH) from the Scan Target Credentials Type list, specify the SSH Private Key.
- Optional: If you selected Oracle from the Scan Target Credentials Type list, you can specify an Oracle Service ID (SID) of an Oracle database instance by typing it in the Oracle SID field.
- Optional: If you selected SNMPv3 from the Scan Target Credentials Type list, complete the following steps:
Select one of the following checksum algorithm options from the SNMP Password Protocol list:
Select this option for the password that you typed in the Scan Target Credentials Password field to use the SHA protocol.
Select this option for the password that you typed in the Scan Target Credentials Password field to use the MD5 protocol
Optional: You can specify an SNMP passphrase by typing it in the SNMP Passphrase field. If you specified an SNMP Passphrase, select one of the following options from the SNMP Passphrase Protocol list:
Select this option for the passphrase that you typed in the SNMP passphrase field to use the DES protocol.
Select this option for the password that you typed in the SNMP passphrase field to use the AES protocol.
- If you selected Report Only from the Scan Type list, type the maximum age of scan reports that you want to import in the Max Report Age field.
- Configure CIDR ranges for the scanner:
In the CIDR Ranges field, type the CIDR range for the scan or click Browse to select a CIDR range from the network list.
- Click Save.