MSS – Analysis: Manage Authorized Scanners in MSS Customer Portal
Updated On:13-12-2016 23:35
Managed Security Services
Managing authorized scanners
Note: Please refer to the portal guide in the portal downloads section: Symantec MSS Portal Users Guide page 89
The simplest and most flexible option is for Administrators to manage their organization's authorized scanners directly in the portal. This means that scans can be authorized immediately at any time and for any time period. Activity from authorized scanners will be commented as Authorized Scanning Activity at Informational severity.
To add an authorized scanner
In the Incidents tab, click Incident Settings. The Authorized Scan feature is displayed by default.
Do one of the following:
For IPv4 or IPv6 addresses, type an IP address in the Start IP Address field. If you need to input a range of addresses, type the end of the range in the End IP Address field.
If you are using CIDR notation, type the IP address range in the CIDR Notation field.
Select a start and end date for this authorization or check the Always Authorized check box.
Type a scanner description.
To edit an authorized scanner
In the Authorized Scan grid, locate the scanner you want to edit and click the Edit button on the right.
In the Update Authorized Scan area above the grid, modify the auto-populated fields as needed.
To delete an authorized scanner
In the Authorized Scan grid, locate the scanner you want to remove and click the Delete button on the right.
In the confirmation prompt, click OK.
Creating a new Request to authorize scanning activity (Symantec MSS Portal Users Guide page 96)
If it is not possible to use the self-service option above, scanning can also be authorized by creating a Request. This will be reviewed and acknowledged by the MSS Analysis team and the scanning activity will not be considered to be authorized until this has been completed.
To create a new request
In any portal page, click the New Request link in either the upper right or lower left corner.
In the Requests topics page, in the section Notify the SOC, select the “Vulnerability Scan” type
Click the option button next to the appropriate priority level for the request.
If available, select the applicable organization.
Type detailed information regarding the request in the text boxes provided. Note that the maximum length is about 3,000 characters.
In the request form, type a reference number, if applicable.
Any authorized scan will be notified to you as ‘Authorized Scanning/Penetration Testing / Vulnerability Scan – Scheduled’ at ‘INFORMATIONAL‘ severity.