🌙
 

Subscribe to the Taegis™ VDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Scan Rules

This article describes how to use Secureworks® Taegis™ VDR’s scan tuning feature to instruct VDR to not scan specified ports on identified assets during the vulnerability scanning process.

VDR allows you to tune scans by prohibiting VDR from scanning specified ports to avoid potentially negative impacts to assets that may occur during the scanning process.

Viewing and Editing Scan Rules

To edit or review scan rules, follow these steps:

  1. Access the System menu by selecting the Account circle in the upper right, and then choose Settings.
  2. Select Scan Rules from the left panel.
  3. Previously created scan rules display with Rule Name, Condition and Action, Affected Assets, and Status. From here, edit, enable, disable, or delete scan rules.

Adding a Scan Rule

To add a scan rule, follow these steps:

  1. Access the System menu by selecting the Account circle in the upper right, and then choose Settings.
  2. Select Scan Rules from the left panel.
  3. Select Add Scan Rule from the top right.
  4. The Add Scan Rule module displays. Enter the following information:
    • Rule Name — Enter a descriptive name for the scan rule.
    • Set Conditions — Define which assets the rule is applied to. This can be done by specifying the IP Address or Network, assets associated with an Edge Service, or assets associated with a certain Tag.
    • Set Action:
      • Select Do not scan these Ports and then select Port Type (TCP or UDP) and enter Port Numbers. These ports will be excluded in VDR scans.
      • Select Assume static IP addressing. This disables reallocation of assets in VDR based on fingerprinting and the IP is taken as the asset identity. This can be useful in environments where DNS is unreliable or when multiple assets expose the same fingerprints (SSL certificate, SSH identities, etc.) in order to avoid potential asset duplication.
      • Select Apply Gentle Scanning scan rule. Gentle scanning lowers the intensity of the scan by allowing more gracious timeouts, reducing concurrency, and cutting out virtual host detection entirely. It can help with completing scans on low-powered assets; however, it can increase the overall duration, and virtual host discovery will need to be carried out manually by reviewing the webserver configuration.
      • Select Disable Default Password and Common Credential Checks scan rule. This disables VDR's password and credential detections that can result in account lockouts.

 

On this page: