Perform Custom Compliance Scans
Paragon Automation automatically runs scans to assess the
targets in the network. While automatic scans check for compliance of all targets in the
network, you can initiate custom scans to scan specified targets.
To run a custom scan:
-
Click Trust > Compliance.
The Compliance page appears displaying a list of scans that were previously run.
-
Click Add.
The Create Compliance Scan page appears and the source and benchmarks document are selected by default.
-
Select a profile depending on the level of security of the scan to be performed.
A benchmarks document may have one or more profiles. The value <default> indicates that you haven't selected a security profile.
- Click Next.
- (Optional) Select a Tailoring document and version, and then click Next.
- On the Select Targets page, select one or more targets that you want to scan from the Available Targets box and click the > icon to move the targets to the Selected Targets box.
- Click Next.
- (Optional) On the Add Labels page, define a key-value pair. Labels help you identify scans that you initiated. You can use these labels to filter completed scans.
-
Click Next to review the scan settings.
The page displays details of the benchmarks document selected, tailoring documents, labels assigned, and so on.
-
Click Scan.
The newly initiated scan is listed on the Compliance page with the status In Progress. After the scan is completed, you can analyze the scan results for devices that are not compliant. See Analyze Scan Results.
Table 1: Fields on the Create Compliance Scan Page Field Description Source Select the organization that provides the benchmarks document. For example, Center for Internet Security (CIS). Benchmark Select the benchmarks document applied on the network. Version Select the version of the benchmarks document. Profile Select a security profile. A typical benchmarks document has three recommended profiles: default, Level 1 and Level 2. While the profile Level 1 is the base recommendation that doesn’t cause much performance impact, Level 2 is for environments that need stricter security enforcement. The default profile is applied if no profile is selected. Select targets Select the targets that you want to scan from the available targets. Labels Add a key-value pair to identify the scan. As Compliance page may contain many scans completed in the past, labels help you identify scans that you initiated. Also, you can use these labels to filter completed scans.