Create and Edit Sites
Sites help you to group together similar types of assets for scanning. After you have identified the assets you want to scan, you can assign scan templates and scan engines, and automate the scanning activity by creating a schedule.
Only Global Administrators can manage sites
Site creation and management is a Global Administrator task.
You can populate your site with assets either by entering their hostnames or IP addresses or by configuring a dynamic discovery connection.
Create a site
You can configure your site with the basic settings, or you can use optional settings to customize the site–and therefore your scans–to the needs of your organization.
Creating and managing a site can involve configuring multiple settings, which are grouped into dedicated tabs.
However, to create a site quickly with no extra configuration, you must decide whether you want to populate the site with assets manually, using their hostnames or IP addresses (a standard site), or using a dynamic discovery connection.
The essential requirements of these site types are:
- Standard site - Enter a name and specify at least one asset.
- Dynamic site - Enter a name and specify a discovery connection.
All other settings are optional; however, it is recommended that you use a distributed scan engine or pool and create at least one scan schedule.
Requirements
- Ensure that you have configured a scan engine or engine pool for this site in Scan Engine Management. Rapid7 recommends using a distributed scan engine for optimal performance.
- Decide whether you want to use an existing scan template or configure a custom scan template.
- Before you begin, read about the best practices for adding assets.
Task 1: Open the Site configuration screen
- On the home page, click Create > Site.
- In the Create a Site modal, name your site and select one of these options:
- Hostnames or IP Addresses - Add assets to your site by entering their hostnames or IP Addresses.
- Discovery Connection - Add assets to your site through a dynamic discovery connection.
- Click Create.
Dynamic discovery sites include all assets
With dynamic discovery sites, you can't specify a subset of assets to include in a scan. All assets in the site are included in scans by default.
Task 2: Complete the fields on the Details tab
- Name and describe your site.
- If you are using a weighted risk strategy, set the level of importance that this site and its assets should have.
- Optionally, apply tags according to the site's Criticality, Location, Owner, and your own custom tags. The tags you add to a site will apply to all of the member assets. For more information, read Applying RealContext with tags.
- Select the users who will be site owners. For more information, read Giving users access to a site.
- Optionally, click Add Organization Details to enter your company information. The information you add to these fields is used in PCI reports.
Task 3: Complete the fields on the Assets tab
On the Assets tab, specify the assets you want to include in the site:
- If you selected Hostnames or IP Addresses in Task 1:
- In the Included Assets section, enter the hostname, IP address, or IP range of the assets you want to include in the site. You can also upload a .txt file that contains the list of assets to include.
- Optionally, select an existing asset group.
- In the Excluded Assets section, you can specify assets that you want to exclude from scanning.
- If you selected Discovery Connection in Task 1:
- Select the discovery connection you want to use.
- Optionally, add filter criteria to reduce the results to a specific set of assets.
- If some assets appear that you don't require, enter their hostnames or IP addresses in the Excluded Assets section.
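A pre-upload check for the Included Assets and Excluded Assets lists, as an added example that is not part of the Rapid7 documentation or product. It assumes one entry per line, with ranges written as CIDR or as "first - last"; the function names and the sample entries are constructed for illustration.

```python
import ipaddress
import re

NET, HOST = 0, 1
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"^(?=.*[A-Za-z]){LABEL}(\.{LABEL})*$")  # needs a letter: rejects "10.20.3.300"

def parse_entry(text):
    """Classify one stripped line as (NET, [networks]) or (HOST, [name]); else ValueError."""
    parts = [p.strip() for p in text.split("-")]
    if len(parts) == 2:
        try:
            first, last = (ipaddress.ip_address(p) for p in parts)
        except ValueError:
            pass  # not "first - last"; may still be a hyphenated hostname
        else:  # a reversed range raises ValueError here instead of being accepted
            return NET, list(ipaddress.summarize_address_range(first, last))
    try:
        return NET, [ipaddress.ip_network(text, strict=False)]
    except ValueError:
        if HOSTNAME.match(text):
            return HOST, [text.lower()]
        raise ValueError(f"not a hostname, IP address or IP range: {text!r}")

def review_scope(included, excluded):
    """Resolve the two lists into the effective scan scope plus entries to fix."""
    invalid = []
    scope = {"included": (set(), set()), "excluded": (set(), set())}  # (networks, hostnames)
    for label, lines in (("included", included), ("excluded", excluded)):
        for line in filter(None, (raw.strip() for raw in lines)):
            try:
                kind, found = parse_entry(line)
                scope[label][kind].update(found)
            except (ValueError, TypeError):
                invalid.append((label, line))
    (nets, hosts), (ex_nets, ex_hosts) = scope["included"], scope["excluded"]
    # An excluded address outside every included range is often a typo (no DNS lookup is done).
    unmatched = sorted(str(e) for e in ex_nets if not any(n.overlaps(e) for n in nets))
    for e in ex_nets:  # blocks either nest or are disjoint, so overlap means containment
        nets = [p for n in nets for p in
                ([n] if not n.overlaps(e) else [] if e.supernet_of(n) else n.address_exclude(e))]
    nets = [c for v in (4, 6) for c in
            ipaddress.collapse_addresses(n for n in nets if n.version == v)]
    return {"invalid": invalid, "unmatched_exclusions": unmatched, "hosts": sorted(hosts - ex_hosts),
            "networks": [str(n) for n in nets], "address_count": sum(n.num_addresses for n in nets)}

# Constructed sample lists, not taken from any real environment.
INCLUDED = ["10.20.0.0/28", "10.20.1.10 - 10.20.1.12", "web-01.example.com", "10.20.3.300"]
EXCLUDED = ["10.20.0.4", "10.20.9.9", "WEB-01.example.com"]
print(review_scope(INCLUDED, EXCLUDED))
```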
Save to create a scan schedule
If you want to create a scan schedule for this site, you must first save the assets you have entered in the Assets tab by clicking Save.
Task 4: Complete the fields on the Authentication tab
In this task, you configure the scan credentials and set up optional Web app authentication:
- Click Add Scan Credentials.
- Enter a name and description that will help you to identify the credentials in the Manage Authentication tab.
- Select the service you want to use and enter the username and password.
- Expand the Test Credentials section.
- Enter the IP address or hostname of the asset you want to test.
- Enter the port number for the authentication service.
- Click Test Credentials. A message displays showing the credential test results.
- Click Save.
Task 5: Complete the fields on the Scanning tab
On the Scanning tab, specify the scan engine or engine pool and add a scan template. Scan engine pools share the load of a single scan across several distributed scan engines.
If you don't have a scan engine or engine pool ready for this site, create one in Scan Engine Management.
Production environments should use a distributed scan engine
Local scan engines are suitable for very small-scale deployments. However, if you intend to deploy a production scanning environment on any scale, then a distributed scan engine is recommended.
- Choose between using either a single scan engine or an engine pool and select it from the dropdown menu.
- To scan using the engine or pool that was most recently used for each asset, deselect the Always use the selected engine option. Note: This may result in multiple scan engines being used for this site.
- Select a scan template. If you don't have a scan template ready to use, click Manage Scan Templates to create a custom one.
Task 6: Complete the fields on the Schedules tab
Scheduling your scans helps you to automate your vulnerability checks and ensure that they occur regularly.
To reduce the impact on your network’s bandwidth, Rapid7 recommends you follow these scheduling best practices. You can also configure scan blackouts for times when you need to guarantee full network bandwidth.
Dynamic discovery sites include all assets
With dynamic discovery sites, you can't specify a subset of assets to include in a scan. All assets in the site are included in scans by default.
- Click Create Scan Schedule.
- Enter a name for the schedule.
- Select a scan template.
- If you don't want to use the default scan engine or pool for the site, select a different one from the dropdown menu.
- Select one of these options to indicate the assets you want to include:
- All assets in this site - The scan schedule will include all assets you have included in this site.
- Only the assets I specify - The scan schedule will include only a subset of the assets in this site. Selecting this option opens fields where you can include and exclude specific assets.
- Set the scan frequency:
- Select your timezone.
- Specify a start date and time.
- Select the frequency, or to schedule a one-time scan, select Does not repeat.
- Set the maximum duration of the scan.
- If you have set a maximum duration, you can choose how the next scan should proceed. Choose either to restart the scan from the beginning or to continue it from the position where it previously stopped.
- Ensure that the Activate this schedule toggle is set to ON. You can deactivate the schedule any time you need to by switching the toggle to OFF.
- Click Create.
- Optionally, click Create a Site Blackout. Read more about managing site-level blackouts.
Task 7: Complete the fields on the Alerts tab
To ensure that you're notified when the scan finds a critical vulnerability or if the scan stops unexpectedly, you can set up alert notifications.
Alert notifications aren't encrypted
Alert notifications are sent in cleartext and are, therefore, not encrypted.
- Click Create Alert.
- Enter a name for the alert.
- Specify the types of scan events that you want to include in the alert notification, such as when the scan starts, stops, fails, pauses, or resumes.
- Select the severity level of the vulnerability events that are included in the alert notification.
- Select the categories of vulnerability events that you want to include in the alerts, for example:
- Confirmed - Vulnerability tests, such as exploits, are returning positive results.
- Unconfirmed - A version of the scanned software or service is known to be vulnerable, but no positive results have been found.
- Potential - The system is unable to verify a vulnerability; however, there is still a potential risk to the asset.
- To limit the number of alert notifications you receive during a scan, enter a number in the Maximum Alerts During Scan field.
- Select the alert method. The available methods are SMTP, SNMP, or Syslog.
- Specify the recipients for the alert by entering their email addresses separated by commas.
- Optionally, enter an email address that the alert is sent from.
- To reduce the data that appears in SMTP emails, select the Limit Alert Text checkbox.
- Click Create.
After you have added assets to the site and configured any optional settings you need, click Save or Save and Scan.
You can view your scans and their results by clicking the View Scan History button on the Site Detail page. From the Sites table, select the site and in the site details view, click View Scan History.
Understanding credential test results
Successful credential tests display a green confirmation message.
Failed tests appear in red and may display one of these messages:
- Invalid credentials - Your username and/or password were incorrect.
- Connection refused - You specified the wrong port number, the port is not open on the host, or a firewall actively blocked the connection.
- No route to host - The IP address or FQDN specified was not found on the network. This means that you entered the wrong address, the host network cannot be reached from the network subnet hosting the console, or the host is not connected.
Site Importance
The level of importance you select for your site has an impact on the risk index score of the assets in the site.
The risk index score indicates the risk that an asset poses to network security. An asset’s confirmed and unconfirmed vulnerabilities affect its risk score.
You can raise or lower the importance of your site, which affects the risk index score as follows:
- Normal (default) - Does not change the risk index.
- Very Low - Reduces the risk index to 1/3 of its initial value.
- Low - Reduces the risk index to 2/3 of its initial value.
- High - Increases the risk index to twice its initial value.
- Very High - Increases the risk index to 3 times its initial value.
For more information about asset risk scores and other ways they can be impacted, read Adjusting risk with criticality.
Edit or delete a site
To edit a site, go to the home page and scroll to the Sites table. Find the site that you want to modify and click Edit. You can update the settings on any of the tabs in the site configuration view.
For information about how to delete a site, go to Deleting sites.