In JSA Vulnerability Manager, you can configure
a scan policy to meet any specific requirements for your vulnerability
scans. You can copy and rename a preconfigured scan policy or you
can add a new scan policy. You can't edit a preconfigured scan policy.
You must have the correct license capabilities to perform the
following scanning operations. If you need assistance to obtain a
new or updated license key, contact your Juniper Customer Support.
- Click the Vulnerabilities tab.
- In the navigation pane, click Administrative > Scan Policies.
- On the toolbar, click Add.
- Type the name and description of your scan policy.
To configure a scan policy, you must at least configure the
mandatory fields in the New Scan Policy window, which are the Name and Description fields.
- From the Scan Type list, select the scan type.
- To manage and optimize the asset-discovery process, click
the Asset Discovery tab.
- To manage the ports and protocols that are used for a
scan, click the Port Scan tab.
- To include specific vulnerabilities in your patch scan
policy, click the Vulnerabilities tab.
Note: The Vulnerabilities tab is available only
when you select a patch scan.
- To include or exclude tool groups from your scan policy,
click the Tool Groups tab
Note: The Tool Groups tab is available only when
you select a zero-credentialed full-scan or full-scan plus policy.
- To include or exclude tools from a scan policy, click
the Tools tab.
Note: The Tools tab is available only when you select
a zero-credentialed Full Scan or Full Scan Plus policy.
Note: If you do not modify the tools or tool groups, and you
select the Full option as your scan type, then all the
tools and tool groups that are associated with a full scan are included
in your scan policy.
- Click Save.
