NGAF Passive Vulnerability Scan

AimanHakim Lv2Posted 2023-Oct-31 10:18

Last edited by AimanHakim 31 Oct 2023 10:19.

Hi guys, I have a problem regarding the passive vulnerability scanning for the Business Asset Security. Even though I've enabled the passive scanning in policy, no data. Here's my output:



Here's my configurations for the policy. For clarification the virtual untrust is the WAN zone while the trust is the LAN zone. The template used for Basic Protection and Detection and Response is default template.


The passive vulnerability scanning is enabled


So far the other features in SOC such as Summary and Attack Events in Business Asset Security and User Security works. Btw, all policy are allow all.

So here are my questions:

1. Is that is it possible the scanned servers are so well protected that there's no output generated?
2  If it's not, then is my configurations are wrong then?

This topic contains more resources

You must log in to download or view the file. Not registered yet? Register

x

RegiBoy has solved this question and earned 20 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

The scanned servers may be well-protected, resulting in no output being generated by the passive vulnerability scanning. Passive vulnerability scanning relies on analyzing network traffic and documents to gather information about the systems and software versions in use by a company
Is this answer helpful?
jerome_itable Lv3Posted 2023-Nov-09 08:14
  
Yes, it is possible that the scanned servers are so well protected that there is no output generated. This is because passive vulnerability scanners only collect information that is passively available on the network, such as network traffic and logs. If the servers are configured to not disclose any information about their vulnerabilities, then the passive scanner will not be able to identify any vulnerabilities.

Here are some possible reasons why the passive vulnerability scanner might not be generating any output:

    The servers are not responding to the scanner's probes. This could be because the servers are not configured to respond to probes, or because the scanner is not sending probes to the correct ports.
    The servers are using encryption to protect their traffic. This will prevent the scanner from being able to read the traffic and identify any vulnerabilities.
    The servers are using firewalls to block the scanner's probes. This could be because the firewalls are not configured to allow traffic from the scanner, or because the scanner is not using the correct IP addresses or ports.

If you are concerned that your servers might be so well protected that they are not being properly scanned, you could try using an active vulnerability scanner. Active scanners send probes directly to the servers, which can help to identify vulnerabilities that would not be detected by a passive scanner.

Here are some additional things you can do to troubleshoot the problem:

    Check the scanner's logs to see if there are any errors being reported. This could help to identify the cause of the problem.
    Make sure that the scanner is configured correctly. This includes checking that the scanner is using the correct IP addresses, ports, and credentials.
    Try scanning the servers from a different network segment. This could help to rule out any problems with the network configuration.
Farina Ahmed Lv5Posted 2023-Nov-08 17:58
  
To troubleshoot this, ensure that the passive scanning configuration is correctly set up within the default template for Basic Protection and Detection and Response. Verify that the network traffic is properly reaching the scanning tool within the defined policy scope. Check if there are any firewall rules or network configurations in the virtual untrust (WAN) and trust (LAN) zones that might be blocking or interfering with the scanning process. Reviewing these settings and confirming the correct configuration of both the scanning tool and network zones should help identify and resolve the problem.
Happpy Lv3Posted 2023-Nov-08 15:45
  
Check for any logs or diagnostics related to the passive scanning process. They can provide insight into any errors or issues that might be occurring.
Fuji12 Lv3Posted 2023-Nov-08 15:44
  
Try reaching out to the support team for the specific security software you're using. They might be able to provide more specific guidance based on the software's capabilities and your configuration.
Jigen87 Lv3Posted 2023-Nov-08 15:43
  
Passive scanning relies on network traffic to identify vulnerabilities. If there is minimal or no network activity on the servers you're scanning, this can also result in limited or no data.
damulagski Lv3Posted 2023-Nov-08 15:43
  
Passive scanning may take some time to collect sufficient data and identify vulnerabilities. The lack of immediate results doesn't necessarily mean something is wrong. Give it some time to collect data and generate reports.
JoanaPatricia Lv2Posted 2023-Nov-08 15:42
  
It's possible that the servers you are scanning are indeed well-protected and have no known vulnerabilities. Passive scanning relies on identifying vulnerabilities based on the network traffic and behavior. If your servers are up-to-date with patches and well-secured, there may be no vulnerabilities to report.
Rica Cortez Lv2Posted 2023-Nov-08 15:42
  
Servers must be identify first and make an object
Carem Lv2Posted 2023-Nov-08 15:40
  
Confirm that the firewall rules are correctly configured to allow the traffic needed for passive scanning. If the traffic is blocked, the scanning data won't be collected. Ensure that the scanning traffic is allowed in your security policy.
soneosansan Lv3Posted 2023-Nov-08 15:39
  
Ensure that the passive vulnerability scanning feature is correctly configured in your security policy. Double-check the policy settings, and make sure that the passive scanning feature is properly enabled.

I Can Help:

Change

Moderator on This Board

11
8
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
138
3

Started Topics

Followers

Follow

Board Leaders