You can use the tooltips next to any of the options in the UI to see more information about them.
General
- Define a Template name. We recommend that you make this as descriptive as possible.
- Define the TCP/UDP Port range that you want to scan. We recommend that you perform a full TCP/UDP port scan to ensure full coverage.
- Scanning performance sets the delay between the packets sent during the port scan.
- Skip backported software determines whether the system scan skips reporting certain vulnerabilities on operating systems that support backported software.
Note: Backporting is the action of taking parts from a newer version of software and porting them to an older version of the same software. When this approach is used for applying security patches on Linux distributions like Red Hat, Ubuntu, Debian and others, the software’s version number does not change. System scans will therefore continue to see the software as outdated and report false positives. The best way to avoid such false positives is to configure authenticated scanning, which will enable system scans to verify the actual patch level on the system being scanned. Unfortunately, it is not always possible to run authenticated scans, which is why you can use the Skip backported software setting. This allows you to decide if system scans should report vulnerabilities in backported software or not.
- Extended scan log. Only enable this option if you need to debug a scan.
Plugin selection
You can choose the specific plugins that a scan uses. A scan configuration can either include or exclude certain plugins. The most common scenario is when a new critical vulnerability is announced publicly and you want to scan for that specific vulnerability. For example, you can create a scan template that will only scan for the “Heartbleed” vulnerability.
For inspiration, go to Templates > Network scan templates to view some of the built-in scan templates.
Note: It is recommended that you always scan with a complete set of plugins. A scan that covers a limited number of plugins gives a false security status of the scanned system and may affect the vulnerability remediation status known to Elements Vulnerability Management. For example, previously detected vulnerabilities can disappear from the latest report and be considered fixed.
Authentication
In addition to regular network-based scanning, where the host’s ports are scanned and the exposed services are reviewed for flaws, you can also run a system scan in authenticated mode, which enables it to authenticate to the target host. Authenticated scanning helps the scanner eliminate potential false positives and check patch levels and misconfigurations.
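The backporting note under General and the authentication paragraph above, as an added example (not product code): a simplified Python model of why a version-only check flags a backported package while a check against the installed package release does not. The advisory data, host records, OS name and the `skipped` result are constructed for illustration and do not describe the scanner's internal logic.

```python
import re

# Constructed advisory (not real data): upstream fixed the flaw in 2.4.10;
# the distribution backported the fix into its 2.4.6 package at release 12.
ADVISORY = {"upstream_fixed": "2.4.10",
            "distro_fixed": {"exampleos-8": "2.4.6-12"}}
BACKPORTING_OS = {"exampleos-8"}  # hypothetical OS that backports fixes

def vkey(version):
    """Turn '2.4.6-12' into (2, 4, 6, 12) for numeric comparison."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def banner_check(upstream_version):
    """Unauthenticated view: only the upstream version from a service banner."""
    return vkey(upstream_version) < vkey(ADVISORY["upstream_fixed"])

def package_check(os_name, package_version):
    """Authenticated view: installed package release vs. the distro's fixed release."""
    return vkey(package_version) < vkey(ADVISORY["distro_fixed"][os_name])

def assess(host, skip_backported):
    """Return 'vulnerable', 'patched' or 'skipped' for one host record."""
    if host.get("package"):  # authenticated scan read the package database
        return "vulnerable" if package_check(host["os"], host["package"]) else "patched"
    if not banner_check(host["banner"]):
        return "patched"
    if skip_backported and host["os"] in BACKPORTING_OS:
        return "skipped"  # version alone cannot prove the patch level
    return "vulnerable"

# Constructed hosts: same banner version, different real patch levels.
PATCHED = {"os": "exampleos-8", "banner": "2.4.6", "package": "2.4.6-14"}
UNPATCHED = {"os": "exampleos-8", "banner": "2.4.6", "package": "2.4.6-9"}

def without_credentials(host):
    """The same host as seen by a scan that cannot read the package database."""
    return {k: v for k, v in host.items() if k != "package"}

if __name__ == "__main__":
    for name, host in (("patched", PATCHED), ("unpatched", UNPATCHED)):
        print(name,
              "| unauth:", assess(without_credentials(host), False),
              "| unauth+skip:", assess(without_credentials(host), True),
              "| auth:", assess(host, False))
```

In this model the two hosts are indistinguishable without credentials, so skipping treats them alike; only the authenticated check separates the patched host from the unpatched one.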