IBM Proventia Network Enterprise User Manual - page 98
Chapter 7: Configuring Discovery and Assessment Policies
98
IBM Internet Security Systems
How Policies Apply to Discovery and Assessment Scans
Introduction
With Enterprise Scanner, you define discovery scans and assessment scans separately.
Agent and asset policies apply to discovery and assessment scans as follows:
●
Agent policies describe the scanning behavior of the agent, and they apply to both
discovery and assessment scans.
Note:
The ESM (Enterprise Scanner Module) agent policy does, however, include
some separate settings for discovery and assessment scans.
●
Asset policies apply to discovery scans, to assessment scans, or to both, depending on
the policy.
Scope of scanning
The scopes of discovery and assessment scans are defined as follows:
Asset policies
Table 36 identifies which asset policies apply to discovery scans, which apply to
assessment scans, and which apply to both:
Type of Scan
Scope
Discovery
The IP addresses that you assign to the scan for a single group.
Note: The group you use for discovery scans may already contain assets.
Those assets do not have to belong to the IP range of the scan.
Assessment
The assets in a group and any included subgroups, based on policy inheritance.
Note: The list of assets included in a scan is based on the assets in the group
when the scan job is posted to the Command Jobs window—not the assets in
the group when you save assessment policies.
Table 35: Scope of discovery and assessment scans
Policy
Discovery
Assessment
Assessment
n/a
9
Assessment Credentials
9
9
Discovery
9
n/a
Network Locations
9
9
Network Services
n/a
9
Scan Control
9
9
Scan Exclusion
n/a
9
Scan Window
9
9
Table 36: Asset policies that affect discovery and assessment scans