Modifying a Custom Scan Profile

Applies to Product: USM Appliance™ AlienVault OSSIM®

To modify a custom profile for vulnerability scans

  1. Go to Environment > Vulnerabilities > Overview, and click Profiles.
  2. Click the pencil (pencil icon) icon of the profile you want to modify.

    The Edit Profile: <name of profile> popup displays.

    Edit Profile popup from Overview.

    Note: Only admin and global admin accounts can modify a custom profile. Non-admin users can only edit the profiles they've created. USM Appliance built-in scan profiles can't be modified.

  3. Modify the settings as needed.

    Options available in a custom profile

    Option

    Description

    Edit

    Allows users to modify the name, description, owner, and the auto-enable families for the profile.

    Edit Plugins

    Allows for detailed adjustment of the plugins that the AlienVault vulnerability scanner uses to scan your assets. USM Appliance displays the number of plugins available as well as the number of plugins enabled in the current profile.

    Edit Prefs

    Allows for personalized configuration for each profile.

    These preferences are generated dynamically. They may change after an AlienVault Lab Intelligence Update.

    View Config

    Shows the final configuration.

    USM Appliance displays the preferences selected in the previous option in plain text.

  4. Click Update.

    USM Appliance displays "Update Status" at the top of the page.

    After it completes, the vulnerabilities overview page displays.

To enable or disable specific plugins

  1. Click Edit Plugins when editing a profile.

    USM Appliance displays the list of plugins with search options: Family, Category, Vulnerability Name, and CVE.

    Edit Profile popup from Overview.

  2. Use one of the options to search, depending on what you are looking for.

    USM Appliance displays the list of plugins based on your selection.

    Edit Profile popup from Overview.

  3. Select the plugins you want to enable or disable, and then click Save.
  4. Alternatively, use the Search Actions > Enable All/Disable All buttons to enable or disable all the plugins belonging to the same group.

To search the Threat Database for available plugins

  1. Go to Environment > Vulnerabilities > Threat Database.

    USM Appliance displays the threat families with the number of plugins in each severity.

    Environment > Vulnerabilities > Threat Database

  2. Use one of the four methods, Date Range, Keywords, CVE ID, and Risk Factor, to search for the plugin you want.

  3. Click Search.

    This returns a list of the plugins related to the search. Hovering the mouse over an ID will display the plugin details.

    Search results for Plugin on Threat Database page.

Note: The CVE links take you to the corresponding Vulnerability Details page on http://www.cvedetails.com.