Vulnerability Scanning

Note

This chapter only applies to the Pro Sensors.


Pulse can perform vulnerability scanning of network hosts (assets) using a customized implementation of the Open Vulnerability Assessment System (OpenVAS). This un-credentialed scan probes the network, or the specified network assets, for a breadth of vulnerability types and scores each finding by its criticality.

Important

The OpenVAS implementation provided for vulnerability scanning within Pulse has been customized to scan and probe only for vulnerabilities considered safe to look for without disrupting the asset being scanned. As a result, the type and number of vulnerabilities identified will be fewer than a commercial vulnerability scanner would identify. Enabling the vulnerability scanning functionality within Pulse should not be construed as a replacement for a commercial vulnerability scanning solution.


Scanning for vulnerabilities can be a time-consuming and intensive process, depending on the type of targets and the size of the network to be scanned. In Pulse, vulnerability scanning can be configured to scan an individual IP address or an IP range specified in the form x.x.x.x-x.x.x.y (no more than 250 assets per task is recommended).

Blacklisting targets is done through the Pwnscan configuration, which is applied as iptables rules system-wide.

To perform vulnerability scans in Pulse, add Tasks to scan desired subnets, and turn on the OpenVAS service, as described in the following sections.

Configuring the OpenVAS Vulnerability Scan Task

To ensure proper network and sensor performance, limit the frequency of OpenVAS scans as follows:

  • A single IP target with a maximum frequency of daily
  • Up to 254 hosts (/24 subnet) with a maximum frequency of weekly

If you perform vulnerability scans on multiple subnets, it is strongly recommended to split them into multiple staggered tasks set to run at different times.

Where possible, schedule vulnerability scans for off-hours to minimize any potential network impact.

Adding a New Vulnerability Scan Task

To add a new vulnerability scan task:

  1. Log into Pulse and open the Tasks tab.
  2. Click Add Task.
  3. On the New Task page, complete task settings as follows.

    Setting     Description
    Name        Assign a name for the Vulnerability Scan Task.
    Enabled     Select to enable the task (required for the task to run).
    Script      The Script drop-down lists all Tasks currently in Pulse. Select the task Vulnerability Scan: Simple.
    Target      Enter the target IP (e.g. x.x.x.x) or range (e.g. x.x.x.x-x.x.x.y) to be scanned.
    Add to      Select whether to run this task against a single sensor or a group of sensors.
    Starts at   Schedule when you want the task to run; the default is the current time.
    Repeats     Select whether and how frequently to repeat the task.


  4. Click Save.

The task begins automatically at the specified start time, and runs against the sensors selected.

Turning On the OpenVAS Service

To turn on the OpenVAS service:

  1. In the Pulse web application, open the Sensors tab.
  2. Select the sensor you want to scan.
  3. On the sensor profile page, open the Services tab.
  4. Click OpenVAS Service to turn on the service.


After a vulnerability scanning task completes, Pulse presents the vulnerabilities discovered on the Vulnerabilities page of the Assets tab of the web application. The Network Host view on the Assets tab also displays any detected vulnerabilities for individual network hosts on their profile pages.

Note

For details about vulnerability scanning with OpenVAS, see the document Best Practices – Vulnerability Scanning with OpenVAS in Pulse.