4

Is there any best practices manual for Alienvault USM?

I found some information about the profiles for the vulnerability scanner but nothing about how often I should launch the scan or which categories for a custom profile are dangerous:

  • Deep - Non-destructive, full and fast scan.

  • Default - To be used when scanned system fails when overwhelmed by too many scanning requests.

  • Ultimate - Full and fast scan. Includes dangerous stress tests that have potential to induce host or system failure.

  • Custom profile

Which type of processes launch each profile? How often should I launch them?

davidb
Blai

1 Answer

1

This cannot be answered in general because it depends on your requirements. The vulnerability scanner utilized by AlienVault's OSSIM/USM is OpenVAS, so the right place to look for information about the processes launched is the OpenVAS documentation.

From my experience I can tell you that an extensive test will likely cause some trouble with black-box devices. I have seen cheap switches and embedded devices (aka IoT devices) that go down even in an allegedly non-harmful scan. This is of course a useful result of such a scan, but it is of course not very pleasant for the users. This is why I only do default scans during the week and extensive scans at the weekend. To get a realistic result I use Wake-on-LAN to start all workstations so they can be scanned even on the weekend.

davidb
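The weekday/weekend schedule and the Wake-on-LAN step described in the answer above, sketched as an added example that is not part of the original post and not AlienVault or OpenVAS code. The profile labels `default` and `extensive`, the function names and the MAC addresses are assumptions made for illustration.

```python
import datetime
import re
import socket

# Accepted MAC notations: aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff, aabbccddeeff
_MAC = re.compile(r"(?:[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"
                  r"|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}|[0-9a-f]{12})", re.I)

def magic_packet(mac: str) -> bytes:
    """Wake-on-LAN payload: 6 bytes of 0xFF followed by the MAC repeated 16 times."""
    mac = mac.strip()
    if not _MAC.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(re.sub(r"[:.-]", "", mac)) * 16

def profile_for(day: datetime.date) -> str:
    """Light profile Monday to Friday, extensive profile on Saturday and Sunday."""
    return "extensive" if day.weekday() >= 5 else "default"

def plan(day: datetime.date, workstation_macs):
    """Return (profile, packets). Workstations are only woken for the weekend run,
    when they would otherwise be powered off and missing from the results."""
    profile = profile_for(day)
    packets = [magic_packet(m) for m in workstation_macs] if profile == "extensive" else []
    return profile, packets

def send(packets, broadcast="255.255.255.255", port=9):
    """Broadcast each packet over UDP (port 9 is the usual WoL choice); returns count sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        for p in packets:
            s.sendto(p, (broadcast, port))
    return len(packets)

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    macs = ["00:11:22:33:44:55", "00-11-22-33-44-66", "0011.2233.4477"]
    for d in (datetime.date(2024, 1, 3), datetime.date(2024, 1, 6)):  # Wed, Sat
        profile, packets = plan(d, macs)
        print(d, profile, f"{len(packets)} hosts to wake before scanning")
        # send(packets)  # run on the scanner host, then allow boot time before the scan
```

Wake-on-LAN has to be enabled in each workstation's firmware and NIC settings, and the broadcast normally only reaches hosts on the sender's own subnet.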