When customizing scan options in option profiles, specify which vulnerabilities should be scanned for. You can perform a complete scan, a custom scan (based on saved search lists) or select vulnerabilities to scan at run time.
For descriptions of available options, see the following:
The Complete option allows you to perform a full scan for all vulnerabilities in the KnowledgeBase. As always, the scanning engine will only run tests applicable to the host being scanned.
When Complete is selected, OVAL vulnerabilities are not included unless OVAL checks is selected in the Include section.
The Custom option allows you to scan for a limited set of vulnerabilities as defined in vulnerability search lists. Add one or more search lists to the option profile. When the option profile is applied to a scan task, only the QIDs defined in the search lists are included in the scan. See Using Search Lists to learn how to add search lists to the option profile.
For an OVAL scan, it's best practice to select Custom and add a search list that includes this important diagnostic QID:
QID 105186 Errors During Execution of User-Provided Detections
Including this QID provides important information about OVAL detections, such as information about errors reported and why an OVAL detection fails.
Depending on the scan you want to run, select the vulnerabilities to include as follows:
To scan for all OVAL checks in the KnowledgeBase: 1) Select Custom, 2) add a search list that includes QID 105186, and 3) select OVAL checks in the Include section.
To scan for one or more selected OVAL vulnerabilities: 1) Select Custom, and 2) add one or more search lists that include the OVAL vulnerabilities you want to scan for and QID 105186.
To learn more, see Scanning OVAL Vulnerabilities.
The Select at runtime option allows you to select the vulnerabilities you want to scan at run time. In essence, this enables you to launch a one-time custom scan. When you apply a profile with this option to an on-demand scan and click Launch, a pop-up appears so that you can select the vulnerabilities to include in the scan. You may choose up to 500 vulnerabilities. After making your selection, click OK to start the scan on the selected vulnerabilities. The list of selected vulnerabilities is not saved in the option profile. This option cannot be applied to scheduled tasks.
Basic host information checks. Select to include basic host information checks for your Custom scan. The scanning engine checks for DNS hostname, NetBIOS hostname and operating system. Once this information is gathered for a host, it appears in scan reports, on the host assets list, in remediation tickets, and in other locations throughout the web application where the host is referenced. Click View list to see a complete list of QIDs included in the basic host information checks list. Note that these checks are already included in Complete scans.
OVAL checks. Select to include OVAL checks for your scan. The service scans for all OVAL vulnerabilities that have been added to the KnowledgeBase. The diagnostic QID 105186 is not included unless Custom is selected and a search list with this QID is added. To learn more, see Scanning OVAL Vulnerabilities.
The Excluded QIDs option allows you to exclude certain QIDs from scans. This is especially useful when a particular check is known to be disruptive to something in your network architecture.
To exclude QIDs, select the Excluded QIDs check box and then add one or more search lists to the option profile. When the option profile is applied to a scan task, the QIDs defined in the search list are excluded from the scan. See Using Search Lists to learn how to add search lists to the option profile.
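The Complete, Custom, Include and Excluded QIDs rules described on this page can be modelled to predict which QIDs a given option profile will actually put into a scan, which is a useful sanity check before launching (for example, confirming that an OVAL scan will really carry the diagnostic QID 105186). The following Python is an added example written for this page; it is not Qualys code and does not call the Qualys API. The OptionProfile fields, the resolve_scan_qids function and the toy KnowledgeBase are assumptions, and every QID in it except 105186 is a constructed sample value.

```python
"""Model of the Vulnerability Detection rules described on this page.

Added example for this page: not Qualys code and not the Qualys API.
All QIDs other than 105186 are constructed sample values.
"""
from dataclasses import dataclass, field

DIAGNOSTIC_OVAL_QID = 105186          # the only QID taken from the page
RUNTIME_SELECTION_LIMIT = 500         # "You may choose up to 500 vulnerabilities"

# Constructed toy KnowledgeBase: qid -> (title, is_oval_check, is_basic_host_info_check)
KNOWLEDGEBASE = {
    105186: ("Errors During Execution of User-Provided Detections", False, False),
    700001: ("constructed: DNS hostname check", False, True),
    700002: ("constructed: operating system check", False, True),
    700003: ("constructed: ordinary vulnerability check", False, False),
    800001: ("constructed: OVAL check A", True, False),
    800002: ("constructed: OVAL check B", True, False),
}


@dataclass
class OptionProfile:
    """Assumed representation of the Vulnerability Detection section of a profile."""
    mode: str                                   # "complete", "custom" or "runtime"
    search_lists: list = field(default_factory=list)           # Custom: one set of QIDs per search list
    basic_host_info: bool = False               # Include > Basic host information checks
    oval_checks: bool = False                   # Include > OVAL checks
    excluded_search_lists: list = field(default_factory=list)  # Excluded QIDs search lists
    scheduled: bool = False                     # profile applied to a scheduled task?


def resolve_scan_qids(profile, kb=KNOWLEDGEBASE, runtime_selection=None):
    """Return the set of QIDs the scan would include under the page's rules."""
    oval = {q for q, (_, is_oval, _) in kb.items() if is_oval}
    basic = {q for q, (_, _, is_basic) in kb.items() if is_basic}

    if profile.mode == "complete":
        # Everything in the KnowledgeBase (basic host info checks are already in),
        # but OVAL checks only with the Include option, and the OVAL diagnostic
        # QID only via a Custom search list.
        included = set(kb) - oval - {DIAGNOSTIC_OVAL_QID}
        if profile.oval_checks:
            included |= oval
    elif profile.mode == "custom":
        # Only the QIDs named in the search lists, plus whatever Include adds.
        included = set().union(*profile.search_lists)
        if profile.basic_host_info:
            included |= basic
        if profile.oval_checks:
            included |= oval
    elif profile.mode == "runtime":
        if profile.scheduled:
            raise ValueError("Select at runtime cannot be applied to scheduled tasks")
        if runtime_selection is None:
            raise ValueError("Select at runtime needs a selection when the scan is launched")
        if len(runtime_selection) > RUNTIME_SELECTION_LIMIT:
            raise ValueError(f"at most {RUNTIME_SELECTION_LIMIT} vulnerabilities may be selected")
        included = set(runtime_selection)
    else:
        raise ValueError(f"unknown vulnerability detection mode {profile.mode!r}")

    # Only known QIDs can be scanned, and Excluded QIDs lists always win.
    included &= set(kb)
    return included - set().union(*profile.excluded_search_lists)


def oval_diagnostics_present(qids):
    """True when the scan will report why OVAL detections fail (QID 105186 included)."""
    return DIAGNOSTIC_OVAL_QID in qids


if __name__ == "__main__":
    # An OVAL scan built the way the page recommends: Custom + search list with 105186 + OVAL checks.
    oval_scan = OptionProfile(mode="custom", search_lists=[{105186}], oval_checks=True)
    qids = resolve_scan_qids(oval_scan)
    print(sorted(qids), "diagnostics:", oval_diagnostics_present(qids))
```

Running the script shows the recommended OVAL profile yielding 105186 plus both constructed OVAL checks, while the same Include option on a Complete profile yields the OVAL checks without the diagnostic QID, which is exactly the difference the page warns about.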