[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [ISSForum] Scans from SP 2.0 Console and Internet scanner
We had similar concerns where an Internet Scanner scan run from SiteProtector would not show up in the report screens in the Internet Scanner console. Tech Support provided the following. It's not a perfect fix, but we find it better easier running two scans.
Something to be aware of if you make this setting change: There is no "selective delete" function in the local Internet Scanner database, so you have to purge the entire report database at once.
Hope this helps.
Jefferson Pilot Financial
RealSecure SiteProtector automatically purges information from your
local Internet Scanner database after each scan. This decreases the size
of your Internet Scanner database, improving overall performance by
maintaining the size of the database, and ensuring that the database
does not exceed its 2 GB maximum capacity. The side affect of purging
the local Scanner database is that reports cannot be run against that
data from the Internet Scanner local console.
Note: Internet Scanner maintains its own database even when installed
without a local Internet Scanner Console.
RealSecure SiteProtector 2.0 (Service Pack 2) with Internet Scanner 7.0
Users can also set their SiteProtector system to retain Internet
Scanner database information in the local Scanner Database by adjusting
the "PurgeCompletedScan" parameter in the issdkinterface.policy file.
To adjust the "PurgeCompletedScan" parameter:
1. Go to the SiteProtector Application Server computer.
2. Open the issdkinterface.policy file.
By default, the issdkinterface.policy file is located in the
/Program Files/iss/RealSecure SiteProtector/Application Server/config
3. Do one of the following:
- To enable the Internet Scanner database purge (this is the
default setting), set the "PurgeCompletedScan" parameter to
read as follows:
PurgeCompletedScan = B 1;
- To disable the Internet Scanner database purge, set the
"PurgeCompletedScan" to read as follows:
PurgeCompletedScan = B 0;
4. Restart the Sensor Controller Service.
From: Robert Craig [mailto:rjc@xxxxxxxxxx]
Sent: Thursday, October 09, 2003 10:23 AM
To: ITSec; MeaCulpa; issforum@xxxxxxx
Subject: RE: [ISSForum] Scans from SP 2.0 Console and Internet scanner
If you want to get the standard reports that most people are used to from an ISS Scan, you'll need to also run a separate scan from the ISS Scanner Console against the server/system. See ISS Knowledgebase Answer ID 2115 for more details. Seems ISS deliberately disabled ISS Scanner Console scans from populating the SiteProtector database. It would be a great feature if there was an option available to also send data to SiteProtector when running independent ISS Scanner Console scans.
There has also been some forum discussion regarding having the ISS Scanner Console scans using a remote centralized database for storage but I believe this is not currently supported. I've tried to set it up myself, and have not been able to get the local ISS Scanner Console to recognize the remote database even when setting up a separate DSN that does communicate properly with the database. Seems the only way to consolidate scanning data is to export/import from the Desktop SQL install required by the ISS Scanner install.
I'm hoping the ISS will more closely integrate the independent scans with SiteProtector, or at least add an option when you run a scan to send the data to SiteProtector. Either that or improve the vuln. reports within SiteProtector.
Robert J. Craig, CISM, CISSP
Senior Security Engineer
13525 Dulles Technology Drive
Herndon, VA 20171
(703) 832-4505 fax
ISSForum mailing list
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo