Authenticated Patch Scans
In JSA Vulnerability Manager, you can scan for community names and run authenticated patch scans for Windows, Linux, and UNIX operating systems.
SNMP Community Names
You can scan your network assets by using SNMP community names. This function applies to SNMP V1 and V2c.
When you scan assets, JSA Vulnerability Manager authenticates by using the SNMP services that are found and completes a more detailed vulnerability scan.
Windows Patch Scans
To scan Windows operating systems for missing patches, remote registry access and Windows Management Instrumentation (WMI) must be enabled. If your Windows patch scan returns WMI connectivity issues, you must configure your Windows systems.
To read WMI data on a remote server, you must enable the connections between your JSA console and the server that you are monitoring. If the server is using a Windows firewall, then you must configure the system to enable remote WMI requests.
If you use a non-administrator account to monitor the Windows server, then you must enable the account to interact with Distributed Component Object Model (DCOM).
If the patch scan tool cannot connect to a Windows asset, a yellow triangular warning icon is displayed next to the asset in the scan results. The following vulnerability is raised: Local Checks Error.
Enabling some restrictions for unauthenticated RPC clients in your Windows Group Policy prevents JSA Vulnerability Manager from running WMI queries when it scans a Windows server. When this authentication failure occurs, a yellow triangular warning icon is displayed next to the asset in the scan results. For example, if you enable Restrict Unauthenticated RPC Client in Windows 2012, you can select None, Authenticated, or Authenticated without exceptions from the menu. If you select Authenticated without exceptions, JSA Vulnerability Manager cannot run WMI queries and is unable to complete the scan.
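A local readiness check for the Windows prerequisites described above, as an added example that is not part of the JSA documentation; it is run on the Windows server that will be scanned. The function name `Test-PatchScanReadiness` is hypothetical, the firewall group name assumes an English-language Windows installation, and the registry path is the standard Windows location where the Restrict Unauthenticated RPC Client policy is stored.

```powershell
# Added example: readiness check for an authenticated Windows patch scan.
# Run in an elevated PowerShell session on the server that will be scanned.
function Test-PatchScanReadiness {
    $results = @()

    # Remote registry access and WMI depend on these two services.
    foreach ($name in 'RemoteRegistry', 'Winmgmt') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $results += [pscustomobject]@{
            Check  = "Service $name"
            Ok     = ($null -ne $svc -and $svc.Status -eq 'Running')
            Detail = if ($svc) { [string]$svc.Status } else { 'not found' }
        }
    }

    # Inbound WMI rules matter only if Windows Firewall is in use.
    # Assumption: English display group name.
    $group = 'Windows Management Instrumentation (WMI)'
    $rules = @(Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' })
    $on = @($rules | Where-Object { $_.Enabled -eq 'True' })
    $results += [pscustomobject]@{
        Check  = 'Firewall: inbound WMI rules'
        Ok     = ($on.Count -gt 0)
        Detail = "$($on.Count) of $($rules.Count) rules enabled"
    }

    # Restrict Unauthenticated RPC Client policy, stored as a DWORD:
    # 0 = None, 1 = Authenticated, 2 = Authenticated without exceptions.
    # A value of 2 is the setting that stops the scanner's WMI queries.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Rpc'
    $labels = 'None', 'Authenticated', 'Authenticated without exceptions'
    $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).RestrictRemoteClients
    $results += [pscustomobject]@{
        Check  = 'Restrict Unauthenticated RPC Client'
        Ok     = ($value -ne 2)
        Detail = if ($null -eq $value) { 'not configured' } else { $labels[$value] }
    }

    $results
}

Test-PatchScanReadiness | Format-Table -AutoSize
```

Any row with `Ok` set to `False` points to a prerequisite to fix before rerunning the scan. The DCOM permissions for a non-administrator scan account are not covered by this check.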
Secure Linux Operating System Authenticated Scanning
To scan Linux operating systems by using secure authentication, you can configure public key encryption between your console or managed host and your scan targets.
When secure authentication is configured, you do not need to specify a Linux operating system password in your scan profile.
You must configure public key authentication on every Linux operating system that you scan.
If you move your vulnerability processor to a dedicated vulnerability processor appliance, you must reconfigure the secure authentication between the dedicated vulnerability processor appliance and the scan target.
If the patch scan tool cannot connect to a Linux asset, a yellow triangular warning icon is displayed next to the asset in the scan results. The following vulnerability is raised: SSH Patch Scanning - Failed Logon.