Adding or Editing an Asset Profile
SUMMARY Before you can do a CIS benchmark scan, you must add the network assets that you intend to scan to JSA. Asset profiles are automatically discovered and added; however, you might be required to manually add a profile.
You can enter information on each asset manually by creating an Asset Profile on the Assets tab. Alternatively, you can configure a scan profile on the Vulnerabilities tab to run a discovery scan. The discovery scan allows JSA to identify key asset characteristics such as operating system, device type, and services.
When assets are discovered by using the Server Discovery option, some asset profile details are automatically populated. You can manually add information to the asset profile and you can edit certain parameters.
You can edit only the parameters that were manually entered. Parameters that were system-generated are displayed in italics and are not editable. You can delete system-generated parameters, if needed.
- Click the Assets tab.
- On the navigation menu, click Asset Profiles.
- Choose one of the following options:
Option Description Add Asset To add an asset, click Add Asset and type the IP address or CIDR range of the asset in the New IP Address field. Edit Asset Double click the asset that you want to view and click Edit Asset. -
Configure the parameters in the MAC & IP Address pane. Configure one or more of the following options:Note:When you edit an existing asset, the asset must have a MAC address before you can add an IP address.
Parameter Description New MAC Address Type a MAC address in the dialog box. New IP Address Type an IP address in the dialog box. Unknown NIC If this parameter is listed, you can select this item, click the Edit icon, and type a new MAC address in the dialog box. Edit Select a MAC or IP address from the list, click the Edit icon, and type a new MAC address in the dialog box. Remove Select a MAC or IP address from the list and click the Remove icon. - Configure the parameters in the Names & Description pane.
Configure one or more of the following options:
Parameter Description DNS Choose one of the following options:
Type a DNS name and click Add.
Select a DNS name from the list and click Edit.
Select a DNS name from the list and click Remove.
NetBIOS Choose one of the following options:
Type a NetBIOS name and click Add.
Select a NetBIOS name from the list and click Edit.
Select a NetBIOS name from the list and click Remove.
Given Name Type a name for this asset profile. Location Type a location for this asset profile. Description Type a description for the asset profile. Wireless AP Type the wireless Access Point (AP) for this asset profile. Wireless SSID Type the wireless Service Set Identifier (SSID) for this asset profile. Switch ID Type the switch ID for this asset profile. Switch Port ID Type the switch port ID for this asset profile. - Configure the parameters in the Operating System pane:
- Configure the parameters in the CVSS & Weight pane. Configure one or
more of the following options:
Parameter Description Collateral Damage Potential Configure this parameter to indicate the potential for loss of life or physical assets through damage or theft of this asset. You can also use this parameter to indicate potential for economic loss of productivity or revenue. Increased collateral damage potential increases the calculated value in the CVSS Score parameter.
From the Collateral Damage Potential list box, select one of the following options:
- None
- Low
- Low-medium
- Medium-high
- High
- Not defined
When you configure the Collateral Damage Potential parameter, the Weight parameter is automatically updated.
Confidentiality Requirement Configure this parameter to indicate the impact on confidentiality of a successfully exploited vulnerability on this asset. Increased confidentiality impact increases the calculated value in the CVSS Score parameter.
From the Confidentiality Requirement list box, select one of the following options:
- Low
- Medium
- High
- Not defined
Availability Requirement Configure this parameter to indicate the impact to the asset's availability when a vulnerability is successfully exploited. Attacks that consume network bandwidth, processor cycles, or disk space impact the availability of an asset. Increased availability impact increases the calculated value in the CVSS Score parameter.
From the Availability Requirement list box, select one of the following options:
- Low
- Medium
- High
- Not defined
Integrity Requirement Configure this parameter to indicate the impact to the asset's integrity when a vulnerability is successfully exploited. Integrity refers to the trustworthiness and guaranteed veracity of information. Increased integrity impact increases the calculated value in the CVSS Score parameter.
From the Integrity Requirement list box, select one of the following options:
- Low
- Medium
- High
- Not defined
Weight From the Weight list box, select a weight for this asset profile. The range is 0 - 10.
When you configure the Weight parameter, the Collateral Damage Potential parameter is automatically updated.
- Configure the parameters in the Owner pane. Choose one or more of the following options:
Parameter Description Business Owner Type the name of the business owner of the asset. An example of a business owner is a department manager. The maximum length is 255 characters. Business Owner Contact Type the contact information for the business owner. The maximum length is 255 characters. Technical Owner Type the technical owner of the asset. An example of a business owner is the IT manager or director. The maximum length is 255 characters. Technical Owner Contact Type the contact information for the technical owner. The maximum length is 255 characters. Technical User From the list box, select the username that you want to associate with this asset profile.
You can also use this parameter to enable automatic vulnerability remediation for JSA Vulnerability Manager. For more information about automatic remediation, see the Juniper Secure Analytics Vulnerability Manager User Guide.
- Click Save.