Creating a custom scan filter
To create a custom scan filter:
1. Right click on the Security Scanner } Scan filter node and select New } Filter... . This will bring up the new scan filter properties dialog.
Screenshot 41 - The new Scan filter properties dialog: General tab-page
2. In the General tab which opens by default, specify the name of the new scan filter.
Screenshot 42 - Filter properties dialog
3. Click on Add and select the required filter property from the provided list (for example, Operating System). The filter property defines what type of information will be extracted from the scan results (i.e. the area of interest of the scan filter).
4. Click on Next to continue.
Screenshot 43 - Filter condition properties dialog
5. Select the required filter condition from the `Conditions' drop down and specify the filter value. The filter value is the reference string that this scan filter will use in accordance with the specified condition to extract information from scan results.
6. Click on Add to continue.
NOTE: You can create multiple filter conditions for every scan filter. This allows you to create powerful filters which isolate more accurately the scan results information that you may want to analyze.
Screenshot 44 - The new Scan-Filter properties dialog: Report Items tab-page
7. Click on the Report Items tab.
8. Select the information categories/sub-nodes which will be displayed in the configuration interface at the end of the filtering process.
9. Click on OK to create the filter.
The new filter will be added as a new permanent sub-node under the Security Scanner } Scan filters node.
NOTE: To delete or customize a scan filter, right-click on the target filter and selecting Delete... or Properties respectively.
Example 1 - Create a filter which displays all computers that have a particular patch missing
In this example, we will create a filter which lists all Windows based computers that have the MS03-026 patch (i.e. the blaster virus patch) missing.
1. Right click on the Security Scanner } Scan filter node and select New } Filter... . This will bring up the new scan filter properties dialog.
2. In the filter name field type in `Missing Blaster Patch'.
3. Click on the Add button.
4. Select the `Operating System' option and then click on Next.
Screenshot 45 - Filter conditions dialog
5. From the conditions drop down select `Includes' and in the value field type in `Windows'.
6. Click on the Add button to add the condition to the filter.
Screenshot 46 - The new Scan Filter properties dialog: General tab-page
7. From the new scan filter properties dialog, click on Add to create another filter condition in which we will specify the required patch name (i.e. MS03-026).
8. From the list of filter properties, select `Patch' and then click on Next.
9. From the conditions drop down select `is not installed' and in the value field type in `MS03-026'.
10. Click on the Add button to include this condition in the scan filter.
11. Click on OK to finalize the configuration and create the filter. The new filter is added as a new permanent sub-node. (Security Scanner } Scan filter } Missing Blaster Patch).
Example 2 - Create a filter that lists all Sun stations with a web server
To create a filter which lists all Sun workstations that are running a web server on port 80, perform the following steps:
1. Right click on the Security Scanner } Scan filter node and select New } Filter.... This will bring up the new scan filter properties dialog.
2. In the filter name field type in `Sun WS web servers on port 80'.
3. Click on the Add button.
4. From the list of filter properties select `Operating System' and then click on Next.
5. From the conditions drop down select `Includes' and in the value field type in `Sun OS'.
6. Click on the Add button.
7. From the properties dialog, click on the Add button to add another filter condition.
8. Select `TCP Port' and click on Next. This will bring up again the filter conditions dialog.
9. From the conditions drop down select `is open' and in the value field type in `80'.
10. Click on the Add button to include this condition in the scan filter.
11. Click on OK to finalize the configuration and create the filter. The new filter will be added as a new permanent node. (Security Scanner } Scan filter } Sun WS web servers on port 80).
