Scanning policies

Scanning policies are used to define the days and time ranges during which one or more assets can be scanned by Cyberwatch.

They also allow customizing the analyses to run and their frequencies, along with advanced parameters like the duration of web scans for network targets.

You can define a scanning policy as the default policy. That policy will be assigned to every newly created asset.

Create and manage scanning policies

Scanning policy management is available in the Settings > Scanning policies menu.

To create a new scanning policy, click on Add.

  • The Name field is used to identify the scanning policy.
  • The Recurrence field defines the days during which the policy will be launched.
  • The Start time and End time fields define the time range during which the asset(s) will be scanned.
  • The Scheduling mode field defines the way the policy will be launched:
    • In manual mode, scans will be run only when requested by the user.
    • In automatic mode, the policy allows Cyberwatch to automatically launch scans during the defined period.

In section Analysis scripts, you can specify the custom analyses you want to run and their frequencies. The Cyberwatch analyses are always implicitly included, but you can specify them explicitly to configure a custom frequency specific to the scanning policy, or disable them by setting their frequency to Never.

Assign a scanning policy to assets

You can change the policy of an asset by opening its details page and clicking Actions > Edit the asset, or by using the policy selector in the Analyses tab.

To collectively change the policy of a set of assets, you can go to the Inventory and click Bulk edit > Update the scanning policy.

The policy can also be assigned automatically depending on search criteria by creating an assets rule.

Set the scans executed as part of a scanning policy

When a scanning policy is created, all native Cyberwatch analysis scripts are implicitly included, except for the optional scans that can use a lot of resources.

Update the execution of a native Cyberwatch analysis script in a scanning policy

Native Cyberwatch analysis scripts are not listed in the scanning policy editing form. However, it is possible to update their recurrence or disable them by following the procedure below:

  • Go to the edit page of the desired scanning policy from the Settings > Scanning Policies menu;
  • Click on Add an analysis, then select the targeted native Cyberwatch analysis script;
  • Select a desired period to modify the execution period of the analysis script, or specify Never to completely disable it from the scanning policy.

Add an optional Cyberwatch scan in a scanning policy

On Cyberwatch, some optional scripts that do in-depth disk scans are disabled by default because they can increase the execution time as well as the consumption of I/O, RAM, and CPU resources. However, it is possible to add them to a scanning policy by following the procedure below:

  • Go to the edit page of the desired policy from the Settings > Scanning Policies menu;
  • Click on Add an analysis, then select the targeted optional script;
  • Select a desired period to define the execution period of the optional script.

Add a custom analysis script in a scanning policy

If a custom analysis script has been set up, it is possible to add it to a scanning policy so that it is executed during the scans of assets associated with this policy:

  • Go to the edit page of the desired policy from the Settings > Scanning Policies menu;
  • Click on Add an analysis, then select the targeted custom script;
  • Select a desired period to define the execution period of the script.

Practical case: Use a scanning policy

Scanning policies are mainly used to limit the scanning periods of certain assets and to add one or several optional analysis scripts.

In our case, some assets run a Java application that uses .jar dependencies managed by Maven. We aim to monitor them using the Linux applicative packages scan, which enables the retrieval and analysis of packages associated with various dependency managers (npm, yarn, maven, composer…). Since this scan is a bit more resource-intensive, we decide to perform the scans of the assets only during off-peak periods.

To implement such a policy, the procedure is as follows:

  1. Go to the Settings > Scanning Policies menu and click on Add to create a new scanning policy;
  2. In the Authorized analysis period section, specify the period as well as the desired time range. In our case, we want the analysis to be done daily, but the authorized scan window to be defined between 00:00 and 06:00 in the morning;
  3. In the Analysis Scripts section, click on Add an analysis and select Linux applicative packages scan with a recurrence of 12 hours.
  4. Save this new scanning policy, then associate it with the desired assets.

From now on, all assets that have this scanning policy set will be scanned daily between midnight and 6 am, and their applicative packages will be reported.
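The following is an added illustration, not Cyberwatch's own code: a small constructed model of a scanning policy (recurrence days, authorized time window, scheduling mode and per-script frequencies, with None standing for "Never") that replays the practical case above. Every class, field and function name in it is an assumption chosen for the example; what it shows is how the script recurrence interacts with the scan window: a 12-hour recurrence inside a 00:00 to 06:00 window yields one run per night, while a recurrence shorter than the window yields several runs inside it. The model also handles a window that crosses midnight, where the early-morning part belongs to the recurrence day on which the window opened.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Constructed model of a scanning policy, added for illustration. It is not
# Cyberwatch's implementation; class, field and method names are assumptions.

NEVER = None  # frequency "Never": the script is disabled in this policy


@dataclass
class ScanningPolicy:
    name: str
    recurrence: Set[int]                     # weekdays, 0 = Monday .. 6 = Sunday
    start: time                              # start of the authorized scan window
    end: time                                # end of the window (exclusive)
    automatic: bool = True                   # scheduling mode: automatic or manual
    scripts: Dict[str, Optional[timedelta]] = field(default_factory=dict)

    def window_open(self, at: datetime) -> bool:
        """True when `at` lies inside the authorized scan window of a recurrence day."""
        t = at.time()
        if self.start < self.end:
            # same-day window, e.g. 00:00-06:00
            return at.weekday() in self.recurrence and self.start <= t < self.end
        # window crossing midnight, e.g. 22:00-04:00 (start == end is treated as
        # a 24-hour window): the part after midnight belongs to the recurrence
        # day on which the window opened
        if t >= self.start:
            return at.weekday() in self.recurrence
        if t < self.end:
            return (at - timedelta(days=1)).weekday() in self.recurrence
        return False

    def due_scripts(self, at: datetime, last_run: Dict[str, datetime]) -> List[str]:
        """Scripts whose recurrence has elapsed and that may run at `at`."""
        if not self.automatic or not self.window_open(at):
            return []
        due = []
        for script, every in self.scripts.items():
            if every is NEVER:
                continue
            previous = last_run.get(script)
            if previous is None or at - previous >= every:
                due.append(script)
        return due


def simulate(policy: ScanningPolicy, first: datetime, last: datetime,
             step: timedelta = timedelta(hours=1)) -> List[Tuple[datetime, str]]:
    """Walk the clock from `first` to `last` and record when each script would run."""
    runs: List[Tuple[datetime, str]] = []
    last_run: Dict[str, datetime] = {}
    at = first
    while at <= last:
        for script in policy.due_scripts(at, last_run):
            runs.append((at, script))
            last_run[script] = at
        at += step
    return runs


def off_peak_policy(packages_every: Optional[timedelta] = timedelta(hours=12)) -> ScanningPolicy:
    """The policy of the practical case: daily, 00:00-06:00, applicative packages scan."""
    return ScanningPolicy(
        name="Off-peak applicative packages",
        recurrence=set(range(7)),
        start=time(0, 0),
        end=time(6, 0),
        scripts={
            "Linux applicative packages scan": packages_every,
            "Ports scan": NEVER,   # constructed example of a script set to "Never"
        },
    )


if __name__ == "__main__":
    policy = off_peak_policy()
    # constructed clock range: three days starting Monday 2024-01-01
    for when, script in simulate(policy, datetime(2024, 1, 1), datetime(2024, 1, 3, 23)):
        print(when.isoformat(), script)
```

Run stand-alone, the script prints one "Linux applicative packages scan" run at 00:00 on each of the three days; calling off_peak_policy(timedelta(hours=4)) instead produces runs at 00:00 and 04:00 each night, and a script whose frequency is NEVER never appears, whatever the window.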
