- play_arrow What's New for Users in JSA Vulnerability Manager 7.4.0
- play_arrow Installations and Deployments
- Installations and Deployments
- Vulnerability Backup and Recovery
- Ports Used for Communication Between JSA and JSA Vulnerability Manager Managed Hosts
- Options for Moving the Vulnerability Processor in Your JSA Vulnerability Manager Deployment
- Options for Adding Scanners to Your JSA Vulnerability Manager Deployment
- JSA Vulnerability Manager High-availability Scans
- Extending the JSA Vulnerability Manager Temporary License Period
- JSA Vulnerability Manager High-availability Scans
- play_arrow Overview Of JSA Vulnerability Manager
- play_arrow Vulnerability Scanning Strategy and Best Practices
- Vulnerability Scanning Strategy and Best Practices
- Scan Policy Types
- Scan Duration and Ports Scanning
- Tune Your Asset Discovery Configuration
- Tune Your Asset Discovery Performance
- Web Application Scanning
- Scanner Placement in Your Network
- Dynamic Scanning
- Network Bandwidth for Simultaneous Asset Scans
- Network Interface Cards on Scanners
- Vulnerability Management for Asset Owners
- Vulnerability Scan Notifications
- Triggering Scans of New Assets
- Configuring Environmental Risk for an Asset
- External Scanning FAQs
- play_arrow Scan Configuration
- play_arrow False Positives Management
- play_arrow Scanning on Windows-based Assets
- Scanning on Windows-based Assets
- Configuring an Authenticated Scan Of the Windows Operating System
- Remote Registry
- Enabling Remote Registry Access to Assets on the Windows Operating System
- Assigning Minimum Remote Registry Permissions
- Configuring WMI
- Setting Minimum DCOM Permissions
- Setting DCOM Remote Access Permissions
- Administrative Shares
- Enabling Administrative Shares
- Disabling Administrative Shares
- Manually Configuring NTLMv2 Authentication to Prevent Scan Failures
- play_arrow Vulnerability Exception Rules
- play_arrow Scan Investigations
- Scan Investigations
- Searching Scan Results
- Including Column Headings in Asset Searches
- Managing Scan Results
- Republishing Scan Results
- Asset Risk Levels and Vulnerability Categories
- Asset, Vulnerability, and Open Services Data
- Viewing the Status Of Asset Patch Downloads
- Vulnerability Risk and PCI Severity
- Troubleshooting Scan Issues
- Emailing Asset Owners When Vulnerability Scans Start and Stop
- play_arrow Management Of Your Vulnerabilities
- Management Of Your Vulnerabilities
- Common Vulnerability Scoring System (CVSS)
- Investigating Vulnerability Risk Scores
- Custom Risk Classification
- Searching Vulnerability Data
- Vulnerability Instances
- Network Vulnerabilities
- Asset Vulnerabilities
- Open Service Vulnerabilities
- Investigating the History Of a Vulnerability
- Reducing the Number Of False Positive Vulnerabilities
- Investigating High Risk Assets and Vulnerabilities
- Prioritizing High Risk Vulnerabilities by Applying Risk Policies
- Configuring Custom Display Colors for Risk Scores
- Identifying the Patch Status Of Your Vulnerabilities
- Removing Unwanted Vulnerability Data
- Configuring Vulnerability Data Retention Periods
- play_arrow Vulnerability Remediation
- play_arrow Vulnerability Reports
- play_arrow Scanning New Assets That Communicate with the Internet
- Scanning New Assets That Communicate with the Internet
- Creating an Asset Saved Search for New Assets
- Creating an On-demand Scan Profile
- Creating a Policy Monitor Question to Test for Internet Communication
- Monitoring Communication Between New Assets and the Internet
- Configuring an Offense Rule to Trigger a Scan
- play_arrow Security Software Integrations
- play_arrow IBM Security SiteProtector Integration
- play_arrow Vulnerability Research, News, and Advisories
- play_arrow JSA Vulnerability Manager Engine for OpenVAS Vulnerability Tests
Authenticated Patch Scans
In JSA Vulnerability Manager, you can scan for community names and run authenticated patch scans for Windows, Linux, and UNIX operating systems.
SNMP Community Names
You can scan your network assets by using SNMP community names. This function applies to SNMP V1 and V2c.
When you scan assets, JSA Vulnerability Manager authenticates by using the SNMP services that are found and completes a more detailed vulnerability scan.
Windows Patch Scans
To scan Windows operating systems for missing patches, the remote registry access and Windows management interface (WMI) must be enabled. If your Windows patch scan returns WMI connectivity issues, you must configure your Windows systems.
To read WMI data on a remote server, you must enable the connections between your JSA console and the server that you are monitoring. If the server is using a Windows firewall, then you must configure the system to enable remote WMI requests.
If you are use a non-administrator account to monitor the Windows server, then you must enable the account to interact with Distributed Component Object Model (DCOM).
If the patch scan tool cannot connect to a Windows asset, a
yellow triangular warning icon is displayed next to the asset in the
scan results. The following vulnerability is raised: Local Checks Error.
Enabling some restrictions for unauthenticated RPC clients in your Windows Group Policy prevents JSA Vulnerability Manager from running WMI queries when it scans a Windows server. When this authentication failure occurs, a yellow triangular warning icon is displayed next to the asset in the scan results. For example, if you enable Restrict Unauthenticated RPC Client in Windows 2012, you can select None, Authenticated, or Authenticated without exceptions from the menu. If you select Authenticated without exceptions, JSA Vulnerability Manager cannot run WMI queries and is unable to complete the scan.
Secure Linux Operating System Authenticated Scanning
To scan Linux operating systems by using secure authentication, you can configure public key encryption between your console or managed host and your scan targets.
When secure authentication is configured, you do not need to specify a Linux operating system password in your scan profile.
You must configure public key authentication on every Linux operating system that you scan.
If you move your vulnerability processor to a dedicated vulnerability processor appliance, you must reconfigure the secure authentication between the dedicated vulnerability processor appliance and the scan target.
If the patch scan tool cannot connect to a Linux asset, a yellow
triangular warning icon is displayed next to the asset in the scan
results. The following vulnerability is raised: SSH
Patch Scanning - Failed Logon.
