Home > User Interface > Configuration > Compliance > Scans
|
Menu path: Configuration > Compliance Overview > Scans.
Scans are used to evaluate the health and conformance of client during the registration process. A3 supports a number of scanners, including Nessus and OpenVAS. Scanners are installed and configured independently through their GUI and command line interfaces.
The general format and usage of this page is discussed in General GUI Usage.
The Scans page provides the Scan Engines tab, which defines the Nessus, OpenVAS, and Rapid7 interfaces.
Scan engines are added by selecting 
. The choices are:
Nessus and Nessus6
The fields in a Nessus definition are:
| Field | Usage | Example |
|---|---|---|
| Name | Name of the scanner. | Nessus |
| Host Name or IP Address | The hostname or IP address where Nessus is running | 10.1.2.3 |
| User Name | The user name used to connect to the Nessus server. | admin |
| Password | The password corresponding to User Name | |
| Port | The port to connect to for the Nessus service. | 8834 |
| Nessus Client Policy | The name of the Nessus-configured policy to apply. | Employee_Scan |
| Roles | The list of roles for which the scan will be applied. Multiple roles can be selected from the list of all Roles defined. | guests students |
| OS | A list of operating system indicating which operating systems the provisioner will be applied to. Matches are displayed as characters are entered. | iOS |
| Duration | The approximate duration of the scan, used for a progress bar. | 60 seconds |
| Scan Before Registration | If enabled, the client will be scanned before registration. |
|
| Scan on Registration | If enabled, the client will be scanned after successful registration. |
|
| Scan After Registration | If enabled, the client will be scanned after it is placed on the production VLAN. |
|
Event IDs used in security events are defined in https://www.tenable.com/plugins/search?q=Nessus%20ids&sort=&page=1.
OpenVAS
The fields in a OpenVAS definition are:
| Field | Usage | Example |
|---|---|---|
| Name | Name of the scanner. | Nessus |
| Host Name or IP Address | The hostname or IP address where OpenVAS is running. | 10.1.2.3 |
| User Name | The user name used to connect to the OpenVAS server. | admin |
| Password | The password corresponding to User Name | |
| Port | The port to connect to for the OpenVAS service. | 9390 |
| Alert ID | The alert ID as configured on the OpenVAS service | |
| Scan Configuration ID | The scan ID as configured on the OpenVAS service | Student_Scan |
| Report Format ID | The report format ID as configured on the OpenVAS service. | |
| Roles | The list of roles for which the scan will be applied. Multiple roles can be selected from the list of all Roles defined. | guests students |
| OS | A list of operating system indicating which operating systems the provisioner will be applied to. Matches are displayed as characters are entered. | iOS |
| Duration | The approximate duration of the scan, used for a progress bar. | 60 seconds |
| Scan Before Registration | If enabled, the client will be scanned before registration. |
|
| Scan on Registration | If enabled, the client will be scanned after successful registration. |
|
| Scan After Registration | If enabled, the client will be scanned after it is placed on the production VLAN. |
|
The Event IDs used in security events are referred to as NVT OIDs in OpenVAS documentation.
Rapid7
The fields in a Rapid7 definition are:
| Field | Usage | Example |
|---|---|---|
| Name | Name of the scanner. | Nessus |
| Host Name or IP Address | The hostname or IP address where Rapid7 is running | 10.1.2.3 |
| User Name | The user name used to connect to the Rapid7 server. | admin |
| Password | The password corresponding to Username | |
| Port | The port to connect to for the Rapid7 service. | 3780 |
| Verify Host Name | If enabled, the server's hostname will be verified when connecting to the API. | A3 |
| Scan Engine | A selection from the list of scan engines configured in Rapid7. | |
| Scan Template | A selection from the list of scan templates configured in Rapid7. | |
| Site | A selection from the list of sites configured in Rapid7. | |
| Roles | The list of roles for which the scan will be applied. Multiple roles can be selected from the list of all Roles defined. | guests students |
| OS | A list of operating system indicating which operating systems the provisioner will be applied to. Matches are displayed as characters are entered. | iOS |
| Duration | The approximate duration of the scan, used for a progress bar. | 60 seconds |
| Scan Before Registration | If enabled, the client will be scanned before registration. |
|
| Scan on Registration | If enabled, the client will be scanned after successful registration. |
|
| Scan After Registration | If enabled, the client will be scanned after it is placed on the production VLAN. |
|
Copyright © 2023 Extreme Networks. All rights reserved. Published March 28, 2023.