Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Install Security Analysis Solution

For instructions on how to install Security Analysis Solution (SAS), go to Install Arellia Products.

 

Import SCAP Content

 

...

Import Security Content Automation Protocol (SCAP) content into the Arellia Management Server:

  1. In the Security Manager console, click the Profiles tab.
  2. In the bottom left pane under Actions, click the Download Profiles...

...

  1. link.
  2. Locate the system profiles and

...

  1. click the check boxes of those you want to import.
  2. Click the Import Profiles button to start the import process.

 

Completion Expectations

Icon

The importing of the SCAP profiles is a time-consuming process and could take anywhere from 5 to 90 minutes, depending on the load on the server and the number of profiles selected. For evaluation or demonstration purposes, we recommend you initially select only one or two profiles.

 

Note:

Icon

Some profiles have multiple versions listed, depending on which version of the OVAL specification you're interested in analyzing. If

...

you're not sure which version to import, then select the newest version (typically, you don't need more than one version of each profile).

 

Tip
titleNote

Importing SCAP profiles can be time consuming, taking anywhere from five to ninety minutes depending on the server load and the number of profiles selected. For evaluation or demonstration purposes, we recommend you initially select only one or two profiles.

 

Next Steps
  • Once the profiles have been imported, the Common Platform Enumeration (CPE) Analysis Policymust be run on the managed computers to determine which computers meet the requirements for the profiles imported. By default, this task is run on the Daily schedule (nightly at 2:00 AM). If you would like to hurry this process along, visit the Common Platform Enumeration (CPE) Analysis Policy on the Policies tab under the Security Analysis folder and alter the schedule to suit your needs. This only needs to run once new profiles have been initially imported and whenever any new computers come in to be managed. For more information, see Targeting Managed Computers.
  • After the CPE analysis policy has completed and determined which computers fit the requirements of the profiles, you will then create a Security Analysis and Remediation Policy, where you will select the profile, verify the targets and set the schedule for performing an assessment and possibly remediation. For more information on this process, see [EDITING] Create a Security Analysis Policy.