Creating your first site
Before you create your first Site, take a few minutes to think about what you will need to do to create an effective, efficient vulnerability management workflow. Answering these questions will provide you with the necessary framework to create Sites, Asset Groups and Tags.
Who needs access to solutions and results?
In a smaller company, one person may handle all security tasks. He or she will be a Global Administrator, initiating scans, reviewing reports, and performing remediation. At a larger company there is a wider complex network, spanning multiple physical locations and IP address segments. The size of your company will determine user roles.The key to a successful vulnerability management program is more than just running scans. You need to be thoughtful about who will need to see scan results, who will be responsible for remediating discovered vulnerabilities, and who will need to have access to solutions to configure scans. For more guidance on creating users, defining user permissions, and leveraging single sign on solutions to minimize administrative overhead of users, review the help article on managing users and authentication.
How should I organize my assets?
How should I organize my assets?
After you run a scan and have data to distribute, you’ll need to select a “scope” for reports. Having the ability to select an Asset Group by OS, which contains only the assets that the recipient of the report manages, will be helpful.
Who applies patches, updates, configuration changes and how?
When you send a vulnerability report to your IT team, it is essential to have assurance that it is being worked on, especially if there are critical vulnerabilities. You also want to be sure issues are prioritized in the right way so that deadlines are met. With different processes and tools in place, it’s important to make sure that IT teams are properly aligned on who is responsible for specific actions and what is considered effective vulnerability remediation.
Is the scan engine part of the scope of a Site and what scan engine should I use to scan Site assets?
Sites serve as scan groups in InsightVM. Some suggested ways to organize sites include based on geographical location, IP ranges, or VLANs. How you create sites is up to you, but first ask yourself:
You can deploy as many scan engines as needed to achieve the above goals. You may want to define a few larger Sites with the simple purpose of performing network discovery. The results of these discovery scans can be used to populate dynamic asset groups, which can then be utilized as the scope of assets for new Sites.