Project

General

Profile

Setting up a Scan » History » Version 11

Luke Murphey, 10/01/2010 04:23 PM

1 8 Luke Murphey
{{>toc}}
2 6 Luke Murphey
3 1 Luke Murphey
h1. Setting up a Scan
4 1 Luke Murphey
5 11 Luke Murphey
The instructions below will walk you through how to begin monitoring a site with NSIA. You can also download the "Quick start guide":http://threatfactor.com/media/misc/Quick%20Start%20Guide.pdf
6 7 Luke Murphey
7 1 Luke Murphey
h2. Create a Site-Group
8 1 Luke Murphey
9 2 Luke Murphey
Create a Site-Group that will contain the rules. Typically, the Site-Group is named after the domain name or organization that owns the sites to be monitored.
10 1 Luke Murphey
11 3 Luke Murphey
!Site_Group_Edit.png!
12 1 Luke Murphey
13 1 Luke Murphey
h2. Create a Rule
14 1 Luke Murphey
15 3 Luke Murphey
Within the Site-Group just just created, click the link "Create Rule Now" to add a new rule. Next, click "HTTP Content Auto-Discovery" to create a rule to scan your website.
16 3 Luke Murphey
17 4 Luke Murphey
!Select_Rule_Type.png!
18 4 Luke Murphey
19 3 Luke Murphey
Complete the form to create the rule. Below is a description of the relevant fields:
20 1 Luke Murphey
21 4 Luke Murphey
* *Scan Frequency:* defines how often the scan rule will be executed
22 4 Luke Murphey
* *Addresses to Scan:* the list of addresses to start scanning from
23 4 Luke Murphey
* *Domain*: a domain specifying the domain to scan (such as *threatfactor.com*)
24 4 Luke Murphey
* *Maximum Number of Resources to Scan:* sets the maximum number of URLs that will be scanned
25 4 Luke Murphey
* *Scan External Linked Content:* if checked, NSIA will scan the first page of every website that you site links to
26 1 Luke Murphey
27 4 Luke Murphey
!Creating_a_Rule.png!
28 1 Luke Murphey
29 4 Luke Murphey
Press the button to create the rule once your are done; this will return you to the list of rules.
30 1 Luke Murphey
31 4 Luke Murphey
!Rules_List__not_yet_scanned_.png!
32 1 Luke Murphey
33 4 Luke Murphey
h2. Perform the Initial Scan
34 1 Luke Murphey
35 4 Luke Murphey
Perform an initial scan to see what NSIA observes. After performing the scan we will look at the results and filter out the results or update the scan policy as needed.
36 4 Luke Murphey
37 4 Luke Murphey
!Scanning.png!
38 4 Luke Murphey
39 4 Luke Murphey
h2. Reviewing the Scan Results
40 4 Luke Murphey
41 4 Luke Murphey
Once the scan is complete, click "Scan History" link to see the scan report list.
42 10 Luke Murphey
43 4 Luke Murphey
!Rules_List__deviations_.png!
44 4 Luke Murphey
45 4 Luke Murphey
Then click the most current scan report.
46 10 Luke Murphey
47 4 Luke Murphey
!Scan_History.png!
48 4 Luke Murphey
49 4 Luke Murphey
You can manually create exceptions for the findings by clicking the filter icon next to the definition name or by selecting "Create Exception". Otherwise, you can use the automatic baselining feature to create exception automatically (see next step below).
50 4 Luke Murphey
51 4 Luke Murphey
!Scan_Report_Detailed.png!
52 4 Luke Murphey
53 1 Luke Murphey
h2. Baselining the Rule
54 4 Luke Murphey
55 9 Luke Murphey
NSIA can automatically baseline itself against your website by baselining the current content. To baseline a rule, select "Baseline" form the rules list.