Policy scanning

How do I set up a Policy scan?

To be able to run a Policy scan, you first need to set up a Policy scan profile:
https://support.holmsecurity.com/hc/en-us/articles/360017067920

This article will guide you in setting up a policy scan and scheduling a policy scan:

  1. Log in to the Security Center
  2. Click on Scan Network
  3. Click on +Add Scan > Policy scan 
  4. Under the headline General information enter the following:
    • Name: the name of the scan, e.g., Policy scan Microsoft Office
    • Owner: the owner of the scan. Will be the one receiving notifications for the schedule.
    • Scan profile: select the scan profile for the schedule.
  5. Under the headline Targets enter the following:
    • IPs/Ranges: the targets for your scan. It can be a specific host, network, or range of IPs. You can add any number of hosts.
    • Include all hosts in IP range belonging to the tag: if you want all IPs in an address range to be included if a tag matches an IP range asset, even if each host doesn’t have the specific tag.
    • Select tags: Select the preferred tags you wish to use as the target for the scan.
    • Include hosts: Include assets with all or any specific tags you enter.
    • Do not Include hosts: Exclude assets with all or any specific tags you enter.
  6. Under the headline Schedule enter the following:
    • Schedule enabled: Select if you want to run Recurrent scans or once at a scheduled time.
    • Start: select the first start date and time. Notice that reoccurring scans will start at the time set here.
    • Timezone: select the time zone for the schedule.
    • Repeat: Select daily, weekly, or monthly between the scans.
    • Every: The occurrence in combination with the values selected in repeat and day 
    • Day: Select which day you want the scans to run.
  7. Under the headline Notifications, enter information about notifications sent before the scheduled scan and when the scheduled scan is finished.
    • Under Notification before the scan starts, enter the following:
    • Notify the scan owner before the scan starts: check to enable.
    • Notify before the scan starts: select how long before the scan the notifications should be sent. The default is 1 hour.
    • Subject: enter a custom subject for the Notification, or use default.
    • Sender name: enter a custom sender name for the Notification, or use default.
    • Sender email: enter a custom sender email for the Notification, or use the default. If you use your email (e.g., notifications@yourbusiness.com) address, please add the following SPF record for the domain (e.g., business.com) to avoid problems receiving the emails:
      http://support.holmsecurity.com/hc/en-us/articles/213446285
    • Recipients: Enter additional recipients for the notifications.
    • Message: Enter a custom message for the Notification, or use default.
    • Under Notification for finished scan, enter the following:
    • Notify the scan owner when this scan is finished: check to enable.
    • Subject: enter a custom subject for the Notification, or use default.
    • Sender name: enter a custom sender name for the Notification, or use default.
    • Sender email: enter a custom sender email for the Notification, or use the default.
    • Also, send Notifications to the following email addresses: enter additional recipients for the notifications.
    • Message: enter a custom message for the Notification, or use default.
  8. Click OK.
  9. The policy scan will now run, and a notification will be sent (if activated) according to the schedule.
  10. Done!