How to Create an OS-Based Policy Scanning Workflow in InsightVM


When you first start setting up InsightVM, the No. 1 thing you should be focused on is building sites, running scans, and kicking off reports to start building your vulnerability management program. Once you start feeling comfortable with the vulnerability management flow, policy scanning should be the next thing to look at.


Getting started with policy scanning


Note: When we talk about policy scanning in InsightVM, we are talking about system hardening guidelines, generally from the Center for Internet Security (CIS). We also include FDCC, DISA STIGs, USGCB, and custom upload options.


InsightVM’s policy management features are robust enough to do both targeted and system-wide scanning to see how your assets stack up against a policy guideline. Notice the word “guideline” here: most policies are not set-in-stone requirements and generally need to be tuned to your organization's internal requirements. InsightVM has a great cloud-based policy editor that makes it easy to do these customizations as needed. Customizing a policy template may be the best option early on, as most built-in policies may be a little too aggressive when you are just starting out.


I generally recommend that customers focus on a strategy that delivers the most impact for minimal effort so you can stay focused on vulnerability management. In this blog, we are going to talk about a recommended workflow for basic, OS-specific policy scans. This should allow you to start planting the seeds for success early on. Most organizations have four or five primary operating systems, which will equate to four or five addition ..
