Risk Intelligence Help

Create Custom Scan Configuration

To create a custom scan configuration:

The steps and options available vary between scan types. The options shown below may not be available for the scan configuration you are creating.
  1. Go to View and Manage - Scan Configurations.
  2. At the bottom right of the page, click Add Scan Configuration.
  3. Step 1 - Select Scan type is displayed.

  4. Select the Scan Types from those available and click Next.
  5. Step 2 - Scan Options of the wizard allows you to configure a variety of options (those available are dependent on the scan type selected in step 1). Options may include:
    • Scan Configuration Name
    • Exclude specific file types from data discovery scans. In the format: txt|doc|docx (Default: nil)
    • Hide the report from the user when scan completes (not supported for mobile devices) (Default: false)

    • Scan all file types regardless of extension in data discovery scans (Default: false)
    • Enable scanning from drives mounted from network shares in data discovery scans (Default: false)
    • List only the directories you wish to scan - In the format: c:\temp, c:\users\history etc.
    • Exclude specific file types from data discovery scans - In the format: txt|doc|docx.
    • Scan redirection URL - Redirects the output of the scan to the specified URL so that the scan report style can be customized.
    • Maximum number of seconds for scan to run - The maximum number of seconds the scan will run before it times out. The timeout value is written to the log and, if the scan times out, the event is logged. This value must be a positive integer. The default is 0 seconds, which means the scan will run with no timeout.

    • Enable scanning of removable drives in data discovery scans (Default: false).
    • List of Check IDs to Suppress (return true) (Default: oval:org.secpod.oval:def:7929, oval:org.secpod.oval:def:7925, oval:org.secpod.oval:def:6707, oval:org.mitre.oval:def:5965, oval:org.mitre.oval:def:6340, oval:org.secpod.oval:def:2556, oval:org.secpod.oval:def:7924, oval:org.secpod.oval:def:7927, oval:org.secpod.oval:def:7926) - List of patch, vulnerability and config check IDs that can be excluded from the particular scan results report. This is only used as a last resort and generally only when that particular check cannot be run against that particular machine.
    • Logging value - Number 0-10, 0 is no logging, 10 is maximum logging (Default: 2) - This logging level determines how much information is logged to the app.log file during each scan. The default is 2, which logs ERROR, INFO and some DEBUG messages. When troubleshooting, you may want to increase this to 3 or 4, but this makes the app.log file extremely large.
    • CPU throttling - Controls how much CPU utilization the executable will use during the scan. The higher the number, the less CPU used, but the more time the scan will take.
    • For a list of supported file types, see Supported File Types, OS and Applications.
  6. Once you are done, click Next to go to Step 3. This step varies depending on the scan type selected in Step 1 and will display one of the following:
  7. If the Scan Configuration Review is displayed, check your details and click Save Scan Configuration.
  8. Alternatively, enter any data rulesets (see Using Data Rulesets to Find Sensitive Data; for Data Discovery and Data Breach Risk scan types) or file patterns and file hashes (see Specify File Patterns and File Hashes for File Finder Scan Configuration; for File Finder scan types) and click Next to go to Step 4 - Scan Configuration Review, where you can review and save your new configuration.
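
A pre-flight check for the Step 2 option values described above, as an added example that is not part of the product or its documentation: it validates the documented formats and flags any check ID suppressed beyond the documented default list. The dictionary keys and function names are hypothetical, and accepting 0 (the documented default, no timeout) alongside positive integers is an assumption.

```python
import re

# Default suppression list, copied from the option description on this page.
DEFAULT_SUPPRESSED = {
    "oval:org.secpod.oval:def:7929", "oval:org.secpod.oval:def:7925",
    "oval:org.secpod.oval:def:6707", "oval:org.mitre.oval:def:5965",
    "oval:org.mitre.oval:def:6340", "oval:org.secpod.oval:def:2556",
    "oval:org.secpod.oval:def:7924", "oval:org.secpod.oval:def:7927",
    "oval:org.secpod.oval:def:7926",
}
OVAL_DEF_ID = re.compile(r"oval:[A-Za-z0-9_.\-]+:def:[1-9][0-9]*")
EXT_LIST = re.compile(r"[A-Za-z0-9]+(\|[A-Za-z0-9]+)*")  # e.g. txt|doc|docx

def _is_int(value):
    # bool is a subclass of int in Python, so reject it explicitly.
    return isinstance(value, int) and not isinstance(value, bool)

def review_options(opts):
    """Return findings for proposed option values (hypothetical key names)."""
    findings = []
    ext = opts.get("exclude_extensions", "")
    if ext and not EXT_LIST.fullmatch(ext):
        findings.append("exclude_extensions: use the form txt|doc|docx")
    secs = opts.get("max_seconds", 0)
    # Assumption: 0 (the documented default, no timeout) is accepted too.
    if not _is_int(secs) or secs < 0:
        findings.append("max_seconds: must be 0 or a positive integer")
    level = opts.get("logging", 2)
    if not _is_int(level) or not 0 <= level <= 10:
        findings.append("logging: must be a number from 0 to 10")
    raw_ids = opts.get("suppress_check_ids", "")
    for cid in (part.strip() for part in raw_ids.split(",")):
        if not cid:
            continue
        if not OVAL_DEF_ID.fullmatch(cid):
            findings.append(f"suppress_check_ids: malformed ID {cid!r}")
        elif cid not in DEFAULT_SUPPRESSED:
            # A suppressed check returns true, so its finding leaves the report.
            findings.append(f"suppress_check_ids: {cid} is not in the default list")
    return findings

# Constructed sample values for illustration; the IDs after the first are made up.
SAMPLE = {
    "exclude_extensions": "txt|doc,docx",
    "max_seconds": -30,
    "logging": 4,
    "suppress_check_ids": "oval:org.mitre.oval:def:5965, oval:org.example.oval:def:1234, oval:bad",
}

if __name__ == "__main__":
    for finding in review_options(SAMPLE):
        print(finding)
```

Each ID reported as outside the default list is a check whose result will be forced to pass in the report, so it is worth recording why that machine cannot run it.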