- play_arrow What's New for Users in JSA Vulnerability Manager 7.4.0
- play_arrow Installations and Deployments
- Installations and Deployments
- Vulnerability Backup and Recovery
- Ports Used for Communication Between JSA and JSA Vulnerability Manager Managed Hosts
- Options for Moving the Vulnerability Processor in Your JSA Vulnerability Manager Deployment
- Options for Adding Scanners to Your JSA Vulnerability Manager Deployment
- JSA Vulnerability Manager High-availability Scans
- Extending the JSA Vulnerability Manager Temporary License Period
- JSA Vulnerability Manager High-availability Scans
- play_arrow Overview Of JSA Vulnerability Manager
- play_arrow Vulnerability Scanning Strategy and Best Practices
- Vulnerability Scanning Strategy and Best Practices
- Scan Policy Types
- Scan Duration and Ports Scanning
- Tune Your Asset Discovery Configuration
- Tune Your Asset Discovery Performance
- Web Application Scanning
- Scanner Placement in Your Network
- Dynamic Scanning
- Network Bandwidth for Simultaneous Asset Scans
- Network Interface Cards on Scanners
- Vulnerability Management for Asset Owners
- Vulnerability Scan Notifications
- Triggering Scans of New Assets
- Configuring Environmental Risk for an Asset
- External Scanning FAQs
- play_arrow Scan Configuration
- play_arrow False Positives Management
- play_arrow Authenticated Patch Scans
- play_arrow Scanning on Windows-based Assets
- Scanning on Windows-based Assets
- Configuring an Authenticated Scan Of the Windows Operating System
- Remote Registry
- Enabling Remote Registry Access to Assets on the Windows Operating System
- Assigning Minimum Remote Registry Permissions
- Configuring WMI
- Setting Minimum DCOM Permissions
- Setting DCOM Remote Access Permissions
- Administrative Shares
- Enabling Administrative Shares
- Disabling Administrative Shares
- Manually Configuring NTLMv2 Authentication to Prevent Scan Failures
- play_arrow Vulnerability Exception Rules
- play_arrow Scan Investigations
- Scan Investigations
- Searching Scan Results
- Including Column Headings in Asset Searches
- Managing Scan Results
- Republishing Scan Results
- Asset Risk Levels and Vulnerability Categories
- Asset, Vulnerability, and Open Services Data
- Viewing the Status Of Asset Patch Downloads
- Vulnerability Risk and PCI Severity
- Troubleshooting Scan Issues
- Emailing Asset Owners When Vulnerability Scans Start and Stop
- play_arrow Management Of Your Vulnerabilities
- Management Of Your Vulnerabilities
- Common Vulnerability Scoring System (CVSS)
- Investigating Vulnerability Risk Scores
- Custom Risk Classification
- Searching Vulnerability Data
- Vulnerability Instances
- Network Vulnerabilities
- Asset Vulnerabilities
- Open Service Vulnerabilities
- Investigating the History Of a Vulnerability
- Reducing the Number Of False Positive Vulnerabilities
- Investigating High Risk Assets and Vulnerabilities
- Prioritizing High Risk Vulnerabilities by Applying Risk Policies
- Configuring Custom Display Colors for Risk Scores
- Identifying the Patch Status Of Your Vulnerabilities
- Removing Unwanted Vulnerability Data
- Configuring Vulnerability Data Retention Periods
- play_arrow Vulnerability Remediation
- play_arrow Vulnerability Reports
- play_arrow Scanning New Assets That Communicate with the Internet
- Scanning New Assets That Communicate with the Internet
- Creating an Asset Saved Search for New Assets
- Creating an On-demand Scan Profile
- Creating a Policy Monitor Question to Test for Internet Communication
- Monitoring Communication Between New Assets and the Internet
- Configuring an Offense Rule to Trigger a Scan
- play_arrow Security Software Integrations
- play_arrow IBM Security SiteProtector Integration
- play_arrow Vulnerability Research, News, and Advisories
About the Full Scan Plus Policy
Full Scan Plus executes the OpenVAS NVTs, as well as the tools of the existing Full Scan policy. As a result, vulnerability detection is enhanced where unauthenticated scans are required and time permits to run those additional tests.
You must have the correct license capabilities to perform the following scanning operations. If you need assistance to obtain a new or updated license key, contact your Juniper Customer Support.
Note: You must install the Full Scan Plus policy RPM to use this scan policy.
The Full Scan Plus policy uses a daily updated feed of about 50,000 individual Network Vulnerability Tests (NVT) provided by the OpenVAS open source project.
By default, the policy discovers network assets by using a FAST scan port range. An authenticated scan is run when credentials are provided.
A full scan has the following phases:
Scan type | Description |
|---|---|
Discovery scan | Discovers network assets, and then scans ports to identify key asset characteristics, such as operating system, device type, and services. Vulnerabilities are not scanned. |
Uncredentialed scan | Checks services that do not require credentials, for example, reading banners and responses for version information, SSL certificate expiry, testing default accounts, and testing responses for vulnerabilities. Note: The most powerful feature of the Full Scan Plus scan is its comprehensive uncredentialed scan, which runs more tests that the Full Scan, which are provided by the open source community. This scan is more detailed than the Full Scan but it takes longer and uses more resources. Run this scan during quiet periods in your network, ideally overnight or at weekends. |
Credentialed scan | JSA Vulnerability Manager logs on to the asset and gathers information about the installed application inventory and required configuration, and raises or suppresses vulnerabilities |
