Configuring a Scan Policy
In JSA Vulnerability Manager, you can configure a scan policy to meet any specific requirements for your vulnerability scans. You can copy and rename a preconfigured scan policy or you can add a new scan policy. You can't edit a preconfigured scan policy.
You must have the correct license capabilities to perform the following scanning operations. If you need assistance to obtain a new or updated license key, contact your Juniper Customer Support.
- Click the Vulnerabilities tab.
- In the navigation pane, click Administrative > Scan Policies.
- On the toolbar, click Add.
- Type the name and description of your scan policy.
To configure a scan policy, you must at least configure the mandatory fields in the New Scan Policy window, which are the Name and Description fields.
- From the Scan Type list, select the scan type.
- To manage and optimize the asset-discovery process, click the Asset Discovery tab.
- To manage the ports and protocols that are used for a scan, click the Port Scan tab.
- To include specific vulnerabilities in your patch scan
policy, click the Vulnerabilities tab.
The Vulnerabilities tab is available only when you select a patch scan.
- To include or exclude tool groups from your scan policy,
click the Tool Groups tab
The Tool Groups tab is available only when you select a zero-credentialed full-scan or full-scan plus policy.
- To include or exclude tools from a scan policy, click
the Tools tab.
The Tools tab is available only when you select a zero-credentialed Full Scan or Full Scan Plus policy.
If you do not modify the tools or tool groups, and you select the Full option as your scan type, then all the tools and tool groups that are associated with a full scan are included in your scan policy.
- Click Save.