IBM Proventia Network Enterprise User Manual - page 89
Defining Periods of Allowed Scanning (Scan Window Policy)
89
IBM Proventia Network Enterprise Scanner User Guide, Version 1.3
Defining Periods of Allowed Scanning (Scan Window Policy)
Introduction
Use the Scan Window policy to define the following:
●
hours of allowed scanning for discovery scans (scan windows)
●
hours of allowed scanning for assessment scans (scan windows)
●
the time zone in which you want the scanning to occur, which is usually the time zone
of the assets
Important:
By default, scanning is allowed at any time. If you want to limit scanning, be
sure to define scan windows.
Scope
The Scan Window policy applies to background discovery and assessment scans. For an
ad hoc scan, you can choose whether to run the scan only during the windows defined in
this policy or to run the scan without restriction.
Default behavior
By default, all scan windows are open, so scanning is allowed at any time. When you open
a Scan Window policy, however, the default changes; and all scan windows are closed. If
you modify a Scan Window policy, be sure to define scan windows for discovery and for
assessment scans.
Important:
If you start a scan when there are no scan windows, the job appears in the
Command Jobs window in the Idle state. The job will not run until you define scan
windows.
Rules for defining
scan windows
The following rules apply to scan windows:
●
You define the scan windows for discovery and assessment policies separately, on
separate tabs of the policy.
Important:
Be sure to define a scan window for both types of scans if you intend to
run both as background scans.
●
You can define scan windows only in increments of hours, so the minimum scan
window is one hour.
●
You can define as many scan windows as you want on any day of the week.
Important
consideration for
multiple agents
If you have multiple agents, you should stagger your scan windows to allow the
discovery scan to finish before the assessment scan begins. If a discovery scan adds assets
to a group while an assessment scan is running, there is no guarantee that those assets will
be included in the assessment scan.
Procedure
To define periods of allowed scanning:
1. In the SiteProtector Console, set up a tab to display asset policies. (See page 74.)
2. On the navigation pane, select a group, and then open the Scan Window policy for
that group.
3. Select the Discovery Windows tab or the Assessment Windows tab.
Note:
Scanning hours are selected; non-scanning hours are not selected.