Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Adding a SAINT Security Suite Vulnerability Scanner in JSA

 

JSA uses the SAINT API to collect and import scan reports from your SAINT Security Suite appliance.

Before you can add the SAINT Security Suite vulnerability scanner in JSA, you need to complete the following steps:

  1. Obtaining the SAINT API Port Number.

  2. Adding a JSA Host to the Allowed API Clients List.

  3. Obtaining the SAINT API Token.

  4. Copy the Server Certificate.

  1. Log in to the JSA Console.
  2. Click the Admin tab.
  3. Click the VA Scanners icon, and then click Add.
  4. In the Scanner Name field, type a name to identify your SAINT Security Suite scanner.
  5. From the Managed Host list, select the managed host from your JSA deployment that manages the scanner import.
  6. From the Type list, select SAINT Security Suite Scanner.
  7. In the Remote API Hostname field, type the IP address or the host name for the SAINT API.
  8. In the API Port field, type the SAINT API port number. For more information about the API port, go to Obtaining the SAINT API Port Number.
  9. In the API Token field, type the SAINT API token. For more information about the SAINT API token, go to Obtaining the SAINT API Token.
  10. From the Scan Type list, select one of the following scan type options:

    Option

    Description

    Live Scan

    JSA creates and runs a new scan on the SAINT Security Suite appliance. After the scan completes, JSA collects and imports a scan report from the SAINT Security Suite appliance.

    Report Only

    JSA collects and imports scan reports for all scans that are already on the SAINT Security Suite appliance that match the following requirements.

    • The scan is not older than the age specified in the Max Report Age field.

    • The scan level of the scan matches the specified Scan Level.

    • The target map of the scan has at least one IP address in common with the CIDR range.

    This option does not start new scans on the SAINT Security Suite appliance. To collect accurate results, ensure that relevant, regularly run scans are scheduled on the SAINT Security Suite appliance.

  11. From the Scan Level list, select a scan level that you want to use from the following options.Note

    On the SAINT Security Suite appliance and in SAINT Security Suite documentation, scan levels are referred to as scan policies. For more information OVAL/SCAP scans, go to the SAINT Security Suite documentation website . From the navigation pane, click User Guide > SCAP.

    Scan level

    Description

    Normal

    SAINT collects information to get the general character of a host and establishes the operating system type and, if possible, the software release version.

    Heavy/Vulnerability Scan

    The Heavy/Vulnerability Scan level is also known as the heavy policy. SAINT looks for services that are listening on TCP or UDP ports. Any services that are detected are scanned for any known vulnerabilities. This scan includes SAINT's entire set of vulnerability checks, and is the scan policy that SAINT suggests you use in most situations.

    Discovery

    SAINT scans the targets and determines which targets have live hosts. This scan level only completes the minimum scanning that is required to identify live hosts. Therefore, the Discovery scan is not very intrusive.

    Port Scan

    SAINT identifies services that are listening on TCP or UDP ports.

    Web Crawl

    SAINT detects web directories on the targets by scanning ports for web services, and then finds directories by following HTML links, starting from the home page.

    SQL/XSS

    SAINT looks for SQL injection and cross-site scripting vulnerabilities on web servers. Both generic tests are included. SAINT finds HTML forms and tests all parameters for SQL injection and cross-site scripting, and then checks for known SQL injection and cross-site scripting vulnerabilities.

    Windows Patch

    SAINT looks for missing Windows patches. Most of the checks for Windows patches require Windows domain authentication.

    Content Search

    SAINT searches files on Windows and Linux/Mac targets for credit card numbers, social security numbers, or any other patterns that are specified. Authentication is needed. If you are scanning a Linux/Mac target, SSH must be enabled.

    PCI

    SAINT scans the targets by using all vulnerability checks that are relevant for Payment Card Industry and Data Security Standard (PCI DSS) compliance.

    Anti-virus Information

    Information is collected about installed AV software, such as last scan date, enabled, definition file dates, and other information that is useful for auditing requirement 5 of the PCI DSS. Information is also collected for Windows versions for many of the AV software products, such as McAfee, Symantec, AVG, F-Secure, MS Forefront, and Trend Micro. Authentication is needed. Facts that contain the string '(Master)' indicate that an anti-virus server, manager, or admin is installed on the target.

    FISMA

    SAINT scans the targets by using all vulnerability checks that are relevant for Federal Information Security Management Act (FISMA) compliance.

    Authentication Test

    SAINT authenticates against the targets by using the credentials that are specified when adding a vulnerability scanner.

    Win Password Guess

    Completes password guess checks against Windows targets by using the password guess and password dictionary configuration options. Authentication is suggested for SAINT to enumerate accounts.

    Microsoft Patch Tuesday

    Checks for the last published Microsoft patch Tuesday vulnerabilities on the second Tuesday of each month. This scan level and associated content are usually updated by SAINTexpress by noon on Wednesday.

    Web Scan (OWASP Top 10)

    Checks for vulnerabilities in web servers and web applications, such as SQL injection, cross-site scripting, unpatched web server software, weak SSL ciphers, and other OWASP Top 10 vulnerabilities. It also enables file content checks. Authentication might be necessary for some of the checks that are included.

    IAVA (Maps CVEs to IAVA codes)

    SAINT scans the targets by using all vulnerability checks that are relevant for Information Assurance Vulnerability Alert (IAVA) compliance.

    OS Password Guess

    Includes all SAINT password guess features that are designed to guess the operating system password. This policy includes checks for default FTP passwords, and dictionary-based password guesses through Telnet, SSH, and FTP. Authentication is suggested to ensure user account enumeration.

    NERC CIP

    SAINT scans the targets by using all vulnerability checks that are relevant for North American Electric Reliability Corporation and Critical Infrastructure Protection (NERC CIP) compliance.

    Software Inventory

    Generates a list of software that is installed on Windows targets. Authentication is needed. The software list is generated by enumerating the uninstall key in the Windows registry. Only software that was registered with the operating system during installation is included. Software that was placed on the system without running an installer program is usually omitted. Registered software that was incorrectly removed from the system might be included in the list after removal.

    HIPAA

    SAINT scans the targets by using all vulnerability checks that are relevant for Health Insurance Portability and Accountability Act (HIPAA) compliance.

    SOX

    SAINT scans the targets by using all vulnerability checks that are relevant for Sarbanes-Oxley Act (SOX) compliance.

    Mobile Device

    The Mobile Device scan level queries Active Directory servers for information about mobile devices that use Exchange ActiveSync, and then uses that information to suggest vulnerabilities on those devices. The devices are listed in the scan results as separate targets even though those targets are not scanned.

    For this scan level to succeed, OpenLDAP must be installed on the scanning host, and the scan must run with Windows domain administrator credentials. For more information about Authentication, go to the SAINT Security Suite documentation website - Step 4 – Authentication.

    The target list must include at least one Active Directory server, and the SSL certificate for that Active Directory server is installed and configured on the scanning host. For more information about Windows Targets, go to the SAINT Security Suite documentatin website - Authenticating to Windows Targets.

    Network Device

    Checks for vulnerabilities in routers, switches, and other networking devices.

    OVAL Scan

    Runs an OVAL/SCAP scan.

    For more information about OVAL/SCAP scans, go to the SAINT Security Suite documentation website. From the navigation pane, click User Guide > Using SAINT > SCAP.

    For more information about SAINT scan parameters, go to the SAINT Security Suite documentation website and complete the following steps. From the navigation pane, click User Guide > Using SAINT > Jobs Tab.

  12. If you selected OVAL Scan from the Scan Level list, type the name of the scan policy that you want to use in the OVAL Scan Policy Name field. OVAL/SCAP scans are types of scans that are based on benchmarks that are collected from authoritative sources.
  13. If you selected Live Scan for the scan type, provide the scan target credentials that are used to authenticate targets during scans. From the Scan Target Credentials Type list, select one of the following options for the credentials that you want to use:Note

    Scan Target credentials are ignored when Report Only is selected for the scan type.

    Option

    Description

    None

    Do not use any credentials.

    HTTP Basic

    Use credentials for basic HTTP credentials.

    Linux/Unix/Mac (SSH)

    Use credentials for connecting to a Linux, UNIX, or Mac server through SSH.

    Microsoft SQL Server

    Use credentials for connecting to a Microsoft SQL Server database.

    Oracle

    Uses credentials for connecting to an Oracle database.

    Windows Admin

    Use credentials of an administrator account on a Windows server.

    Windows non-Admin

    Use credentials of a non-administrator account on a Windows server.

    MySQL

    Use credentials for connecting to a MySQL database.

    SNMPv3

    Use SNMPv3 credentials.

  14. If you selected any of the options, except for the None option from the Scan Target Credentials Type list, configure the following parameters for the Scan Target Credentials that you selected:

    Parameter

    Value

    Scan Target Credentials Username

    The user name for the scan target credential that you selected.

    Scan Target Credentials Password

    The password for the scan target credential that you selected.

  15. Optional: If you selected Linux/Unix/Mac (SSH) from the Scan Target Credentials Type list, specify the SSH Private Key.
  16. Optional: If you selected Oracle from the Scan Target Credentials Type list, you can specify an Oracle Service ID (SID) of an Oracle database instance by typing it in the Oracle SID field.
  17. Optional: If you selected SNMPv3 from the Scan Target Credentials Type list, complete the following steps:
    1. Select one of the following checksum algorithm options from the SNMP Password Protocol list:

      Option

      Description

      SHA

      Select this option for the password that you typed in the Scan Target Credentials Password field to use the SHA protocol.

      MD5

      Select this option for the password that you typed in the Scan Target Credentials Password field to use the MD5 protocol

    2. Optional: You can specify an SNMP passphrase by typing it in the SNMP Passphrase field. If you specified an SNMP Passphrase, select one of the following options from the SNMP Passphrase Protocol list:

      Option

      Description

      DES

      Select this option for the passphrase that you typed in the SNMP passphrase field to use the DES protocol.

      AES

      Select this option for the password that you typed in the SNMP passphrase field to use the AES protocol.

  18. If you selected Report Only from the Scan Type list, type the maximum age of scan reports that you want to import in the Max Report Age field.
  19. Configure CIDR ranges for the scanner:
    1. In the CIDR Ranges field, type the CIDR range for the scan or click Browse to select a CIDR range from the network list.

    2. Click Add.

  20. Click Save.