How to adjust discovery settings in Risk Automation Suite
| Article:HOWTO31235 | | | Created: 2010-08-27 | | | Updated: 2012-05-01 | | | Article URL http://www.symantec.com/docs/HOWTO31235 |
The portal settings affecting asset discovery can be used to determine how networks, workstations, servers, applications, and rogue hosts are discovered/ not discovered.
Navigation: Control Panel > Portal Administration > Portal Configurations > Settings
Discovery Settings
OS fingerprint Unknown hosts every x days: 30 (Edit)
Report Applications dead after x times undetected: 3 (Edit)
Report Applications dead if not detected in x days: 1 (Edit)
Report Infrastructure dead after x times undetected: 3 (Edit)
Report Infrastructure dead if not detected in x days: 3 (Edit)
Report Networks dead after x times undetected: 3 (Edit)
Report Networks dead if not detected in x days: 30 (Edit)
Report Servers dead after x times undetected: 3 (Edit)
Report Servers dead if not detected in x days: 3 (Edit)
Report Unknown dead after x times undetected: 1 (Edit)
Report Unknown dead if not detected in x days: 2 (Edit)
Report Workstations dead after x times undetected: 3 (Edit)
Report Workstations dead if not detected in x days: 30 (Edit)
These settings relate to how assets are continously discovered or not. These assets are rendered as 'dead' or 'alive' by Risk Automation Suite. An asset that has been discovered and is continously discovered will be regarded as 'alive', while an asset that has been discovered at some point in the past and not discovered subsequently will be regarded a 'dead'.
This criteria can be managed through the Discovery Settings on the portal which dictate the amount of times in which a Discovery Scan is run and the previously identified host is found OR the amount of days in which a host has not been identified by the Discovery Scanner.
Discovered Hosts are automatically unauthorized if not correlated to an authorized domain or if applicable an authorized SNMP string.
Networks default to unauthorized unless pre-populated in RAS before discovery.
High risk service ports are automatically unauthorized (customizable by customer).
|
|
Article URL http://www.symantec.com/docs/HOWTO31235
Terms of use for this information are found in Legal Notices
Thank you.