This article provides information on Scanning Profiles in LanGuard, which may be helpful for support agents when working on cases related to Interactive or Agent scans.
Scanning Profiles are customizable, and the system comes with a set of defaults. The most commonly used profile is the Default Full Scan, because this is a combination scan of missing patches, vulnerabilities, and generally all items LanGuard is designed to look for. Choosing what to scan for is as important as selecting the correct type. Refer to Available Scanning Profiles in LanGuard for additional information.
The list of patches and items we can detect is continuously updated. We receive, on average, two definition updates per week from the Content team, and they include updates to third-party software, Microsoft's updates releases, and any application updates that we have developed.
When editing your Scanning Profile, the editor is broken down into three main sections (refer to Personalizing a Scanning Profile for instructions to customize a Scanning Profile):
- Vulnerability Assessment Options: This option performs specific checks, e.g., OVAL or CVE vulnerabilities, and tests for patches, installed or otherwise.
- Network and Software Audit Options: This option allows port scanning, system enumeration, and necessary OS information.
- Scanner Options: This section deals with timeouts and other options for scanning. Refer to Changing the Number of Scanning Threads Used by LanGuard for additional information on this topic.
Every customer environment is different, and as a consequence, they may require different scans or options within the scan. Most customized profiles will start from the default Full Scan, but this will vary depending on what you are trying to edit. If you find yourself in need of modifying the Scan Profile, you should first determine for what purpose is the end-user is trying to change the detection.
Making changes at the Scan Profile level will prevent the need to acknowledge or ignore specific patches from the dashboard individually and manually, and it will allow the item not to be detected at the scan level. Keeping in mind that LanGuard only imports what is detected during the scan, removing checks for individual items is sometimes more beneficial than hiding it.
Speaking to environmental variables, LanGuard does support scanning Mac and Linux devices via an Interactive scan; however, depending on the level of security in the environment, the default SSH port may have been changed (refer to Unable to Scan Mac Computers: The SSH connection failed with error 'Error connecting to SSH: 10061' for more information). This is not something LanGuard does automatically and must be changed in the configuration of the scan to match the customer’s variable; this is why you need the environmental information from the customer upfront, so you can determine what sections of the product may be adjusted from their defaults, or what will need to be changed.