Creating and Running Security Scan Jobs

Security Scan Jobs allow users to create and schedule SCAP program (Security Content Automation Program) scans for groups of managed systems. These Jobs can call in existing SCAP packages and checklists, which are used to scan the targeted systems on-demand or on a scheduled basis. Historical data for these scans is saved in the Job Execution list and in the software section of server detail pages. Detailed scan reports can also be viewed for each system as needed once the scan is complete. See the SCAP documentation on the NIST website for information on developing your own scanning procedures.

Note

Creating and editing Security Scan Jobs requires the “Security: Scanning” Role permission set to Full. Viewing Security Scan Jobs and seeing the results for scanned servers requires at least a Read-level permission.

Add a new Security Package

  1. Navigate to Provisioning > Jobs > Security Packages Tab

  2. Click +ADD > SCAP Package

  3. Provide a name in addition to a URL to source the package

  4. Click SAVE CHANGES

Note

Currently URL is the only source option for security packages

../../_images/1add_package.png

Add a new Security Scan Job

  1. Navigate to Provisioning > Jobs > Jobs Tab

  2. Click +ADD

  3. Set the Job type to “Security Scan Job” and provide a friendly name for the Job

  4. Click NEXT

    ../../_images/2new_job.png
  5. Select a security package, see the previous section to add a new one

  6. Enter your Scan Checklist (XML document) and Security Profile (XCCDF document), more information on these can be found in the SCAP documentation linked above

  7. Set a schedule or leave as Manual to only run this scan on-demand (new execution schedules can be created in Provisioning > Automation if needed)

  8. Set the context, can be Instance or Server. Select as many Instances or Servers as needed for this scanning run

  9. Click NEXT

  10. After final review, click COMPLETE

    ../../_images/3job_details.png

Running Security Scan Jobs

Once created, Security Scan Jobs will run based on the configured schedule. They can also be run on-demand when needed:

  1. Navigate to Provisioning > Jobs > Jobs Tab

  2. Click MORE

  3. Click “Execute”

    ../../_images/4execute_scan.png

Viewing Completed Security Scan Jobs

To view a list of completed Security Scan Jobs (and Jobs of other types):

  1. Navigate to Provisioning > Jobs > Job Executions Tab

  2. Additional details can be viewed by clicking (i)

    ../../_images/5execution_list.png

To view scan results for specific servers:

  1. Navigate to the server detail page (Infrastructure > Hosts > Virtual Machines tab > Selected server)

  2. Click on the Software tab part way down the page, then click on the Security subtab

  3. High level details on previous scans is viewable here

    ../../_images/6server_results.png
  4. To view the full report, click (i)

    ../../_images/7scan_report.png

Security Drift

In addition to tracking the scan results over time as described in the previous section, Morpheus also provides detail into the change from the most recent scan to the one prior. This information is displayed in the Software tab (and Security subtab) of the detail page for the virtual machine (accessed from the associated Instance detail page or at Infrastructure > Hosts > Virtual Machines). The information surfaced by this view is listed below. If there is no change, you’ll simply see a “No Drift” message.

  • Title: The criteria for the test that has newly passed or failed

  • Severity: The severity level for the indicated security requirement

  • Result: The indicator for whether this test has newly passed or failed

  • New Pass: The number of tests that have newly passed compared to the prior scan

  • New Fail: The number of tests that have newly failed compared to the prior scan

  • Status: An indicator of the change in security posture since the prior scan. A net gain in test failures will yield a negative status indicator while net gains in passed tests (or no change) will yield a positive status indicator

../../_images/8securityDrift.png