Chatee ahora con Soporte
Chat con el soporte

KACE Systems Management Appliance 13.2 Common Documents - Administrator Guide

About the KACE Systems Management Appliance Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Managing user notifications Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Deploying the KACE Agent to managed devices Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Registering KACE Agent with the appliance Provisioning the KACE Agent Manually deploying the KACE Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
Using the Security Dashboard About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Windows Feature Updates Managing Dell devices and updates Managing Linux package upgrades Maintaining device and appliance security Manage quarantined file attachments
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the appliance
Appendixes Glossary About us Legal notices

Configure OVAL Settings

Understanding OVAL tests and definitions

OVAL definitions contain the information required to perform OVAL tests. This information can include checks for registry entries, file versions, and WMI (Windows Management Instrumentation) data.

OVAL test definitions pass through a series of phases before being released. Depending on where a definition is in this process, it is assigned one of the following status values:

Status

Description

Draft

Indicates that the definition is assigned an OVAL ID number and is under discussion on the Community Forum and by the OVAL Board.

Interim

Indicates that the definition is under review by the OVAL Board and available for discussion on the Community Forum. Definitions are generally assigned this status for two weeks, unless additional changes or discussions are required.

Accepted

Indicates that the definition has passed the Interim stage and is posted on the OVAL Definition pages. All history of discussions pertaining to Accepted definitions are linked from the OVAL definition.

Other possible status values include:

For more information about the stages of OVAL definitions, go to http://cve.mitre.org.

When OVAL tests are enabled, all available OVAL tests run on the target devices.

OVAL test details do not indicate the severity of the vulnerability. Use your own judgment to determine whether to test your network for the presence of a particular vulnerability.

View OVAL tests and definitions

You can view OVAL tests and definitions in the Administrator Console.

1.
Go to the OVAL Catalog list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
On the OVAL Scan panel, click Catalog.
2.
Optional: Limit which tests are displayed by using the View By drop-down list or Search field to find OVAL tests by OVAL-ID, CVE Number, operating system, or text.
3.
Click a Name link in the OVAL Catalog list.
The OVAL Definition Detail page displays the following information:

Field

Description

OVAL-ID

The status of the vulnerability following the OVAL-ID. Possible values are Draft, Interim, or Accepted.

Class

The nature of the vulnerability. Possible values are: Compliance, Deprecated, Patch, and Vulnerability.

Ref-ID

A link to additional details about the vulnerability.

Description

The common definition of the vulnerability as found on the CVE list.

Definition

The steps used to test whether the vulnerability exists.

The table at the bottom of the OVAL Tests: Definition page displays the list of devices in your network that contain the vulnerability. For convenience, a printer-friendly version of this data is available.

Running OVAL tests

The appliance runs OVAL tests automatically based on the schedule specified in OVAL Settings.

It takes approximately one hour to run OVAL tests. In addition, OVAL Tests consume a large amount of memory and CPU resources, which might affect the performance of target devices. To minimize the disruption to users, run OVAL tests weekly or monthly and during hours when users are least likely to be inconvenienced.

In addition, you can run OVAL tests manually by logging in to the device as Administrator and running debug.bat. This file is usually located in the program data directory. For example: C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\9

Using labels to restrict OVAL tests

If you are running OVAL tests periodically or if you want to obtain the OVAL test results for only a few devices, you can assign a label to those devices. You can then use the Run Now function to run OVAL tests on those devices only.

For more information about using labels, see About labels.

Understanding OVAL updates

The appliance checks for new OVAL definitions every night, but you should expect new definitions every month. If OVAL tests are enabled, the appliance downloads new OVAL definitions to all managed devices during the next scripting update whenever a new package becomes available, regardless of the OVAL schedule settings.

The OVAL update ZIP file can be more than 30 MB in size — large enough to impact the performance of devices with slow connections. The ZIP file includes both 32- and 64-bit versions of the OVAL Interpreter and uses the correct version for the device. The OVAL Interpreter requires Microsoft .NET Framework and supports both the full (“Extended”) and Client Profile versions.

Configure OVAL Settings

To run OVAL tests, you must enable OVAL, select target devices and operating systems, and establish a run schedule.

OVAL tests require extensive resources and can affect the performance of target devices. Therefore, exercise caution when configuring OVAL settings.

1.
Go to the OVAL Schedule Detail page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
On the OVAL Scan panel, click Schedules.
2.
In the Configure section, specify the following settings:

Setting

Description

Enabled

Run on the target devices. Only enabled configurations can run.

If OVAL tests are disabled, updates are stored on the appliance but they are not pushed out to target devices until OVAL tests are enabled and scheduled.

Allow Run While Logged Off

Run even if no user is logged in. Clear this check box to run the item only when a user is logged in to the device.

3.
In the Deploy section, specify the following settings:

Setting

Description

Labels

Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save.

If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.

Devices

Limit deployment to specific devices. In the drop-down list, select the devices to which you want to deploy the application. To filter the list, type a few characters in the Devices field. The number next to the field indicates the number of devices available. Scoped users can see only those devices that are associated with their role, when the role is assigned a label. For more information about user roles, see Add or edit User Roles.

Operating Systems

Select the operating systems you want to deploy to.

1.
Click Manage Operating Systems.
2.
In the Operating Systems dialog box that appears, select the OS versions in the navigation tree, as applicable.

You have an option to select OS versions by their family, product, architecture, release ID, or build version. You can choose a specific build version, or a parent node, as needed. Selecting a parent node in the tree automatically selects the associated child nodes. This behavior allows you to select any future OS versions, as devices are added or upgraded in your managed environment. For example, to select all build current and future versions associated with the Windows 10 x64 architecture, under All > Windows > Windows 10, select x64.

4.
In the Schedule section, specify the time and frequency for running OVAL:

Setting

Description

None

Run in combination with an event rather than on a specific date or at a specific time.

Every n minutes/hours

Run at a specified interval.

Every day/specific day at HH:MM

Run daily at a specified time, or run on a designated day of the week at a specified time.

Run on the nth of every month/specific month at HH:MM

Run on the same day every month, or a specific month, at the specified time.

Run on the nth weekday of every month/specific month at HH:MM

Run on the specific weekday of every month, or a specific month, at the specified time.

Custom

Run according to a custom schedule.

Use standard 5-field cron format (extended cron format is not supported):

Use the following when specifying values:

Spaces ( ): Separate each field with a space.
Asterisks (*): Include the entire range of values in a field with an asterisk. For example, an asterisk in the hour field indicates every hour.
Commas (,): Separate multiple values in a field with a comma. For example, 0,6 in the day of the week field indicates Sunday and Saturday.
Hyphens (-): Indicate a range of values in a field with a hyphen. For example, 1-5 in the day of the week field is equivalent to 1,2,3,4,5, which indicates Monday through Friday.
Slashes (/): Specify the intervals at which to repeat an action with a slash. For example, */3 in the hour field is equivalent to 0,3,6,9,12,15,18,21. The asterisk (*) specifies every hour, but /3 restricts this to hours divisible by 3.

Examples:

View Task Schedule

Click to view the task schedule. The Task Schedule dialog box displays a list of scheduled. Click a task to review the task details. For more information, see View task schedules.

5.
Click Save.
6.
Click Run Now to run the script immediately.
View the OVAL vulnerability report

The OVAL Report page shows the OVAL tests that have been run since the last time the OVAL definitions were updated.

OVAL results are deleted from this page when OVAL definitions are updated. To save the results, schedule an OVAL device report to run periodically. See Add report schedules.

1.
Go to the OVAL Scan page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
In the Reporting section, click Show summary results.
Apply labels to affected devices

From the Test detail view, you can view all the devices that failed the OVAL test, and you can assign a label to those devices so that you can patch them later.

1.
Go to the OVAL Scan Summary page:
a.
On the left navigation bar, click Security, then click OVAL Scan.
b.
Under Reporting, click Show device compliance.
3.
Select Choose Action, then select the appropriate label under Apply Label to Affected Devices.
You can also search tests by making the appropriate selection in the View By drop-down list, which appears above the table on the right.
View the OVAL Report

The OVAL Device Compliance page shows a list of devices with OVAL test results. Here, you can view a summary of tests that were run on specific devices.

The label under the Device column in the OVAL Computer Report page is the inventory ID assigned by the appliance Inventory component.

For more information about any of the devices in the report, click the linked device name to navigate to the device detail page.

1.
Go to the OVAL Device Compliance page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
Under Reporting, click Show summary results.
The OVAL Device Compliance page appears containing a list of OVAL reports.

View the OVAL vulnerability report

Understanding OVAL tests and definitions

OVAL definitions contain the information required to perform OVAL tests. This information can include checks for registry entries, file versions, and WMI (Windows Management Instrumentation) data.

OVAL test definitions pass through a series of phases before being released. Depending on where a definition is in this process, it is assigned one of the following status values:

Status

Description

Draft

Indicates that the definition is assigned an OVAL ID number and is under discussion on the Community Forum and by the OVAL Board.

Interim

Indicates that the definition is under review by the OVAL Board and available for discussion on the Community Forum. Definitions are generally assigned this status for two weeks, unless additional changes or discussions are required.

Accepted

Indicates that the definition has passed the Interim stage and is posted on the OVAL Definition pages. All history of discussions pertaining to Accepted definitions are linked from the OVAL definition.

Other possible status values include:

For more information about the stages of OVAL definitions, go to http://cve.mitre.org.

When OVAL tests are enabled, all available OVAL tests run on the target devices.

OVAL test details do not indicate the severity of the vulnerability. Use your own judgment to determine whether to test your network for the presence of a particular vulnerability.

View OVAL tests and definitions

You can view OVAL tests and definitions in the Administrator Console.

1.
Go to the OVAL Catalog list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
On the OVAL Scan panel, click Catalog.
2.
Optional: Limit which tests are displayed by using the View By drop-down list or Search field to find OVAL tests by OVAL-ID, CVE Number, operating system, or text.
3.
Click a Name link in the OVAL Catalog list.
The OVAL Definition Detail page displays the following information:

Field

Description

OVAL-ID

The status of the vulnerability following the OVAL-ID. Possible values are Draft, Interim, or Accepted.

Class

The nature of the vulnerability. Possible values are: Compliance, Deprecated, Patch, and Vulnerability.

Ref-ID

A link to additional details about the vulnerability.

Description

The common definition of the vulnerability as found on the CVE list.

Definition

The steps used to test whether the vulnerability exists.

The table at the bottom of the OVAL Tests: Definition page displays the list of devices in your network that contain the vulnerability. For convenience, a printer-friendly version of this data is available.

Running OVAL tests

The appliance runs OVAL tests automatically based on the schedule specified in OVAL Settings.

It takes approximately one hour to run OVAL tests. In addition, OVAL Tests consume a large amount of memory and CPU resources, which might affect the performance of target devices. To minimize the disruption to users, run OVAL tests weekly or monthly and during hours when users are least likely to be inconvenienced.

In addition, you can run OVAL tests manually by logging in to the device as Administrator and running debug.bat. This file is usually located in the program data directory. For example: C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\9

Using labels to restrict OVAL tests

If you are running OVAL tests periodically or if you want to obtain the OVAL test results for only a few devices, you can assign a label to those devices. You can then use the Run Now function to run OVAL tests on those devices only.

For more information about using labels, see About labels.

Understanding OVAL updates

The appliance checks for new OVAL definitions every night, but you should expect new definitions every month. If OVAL tests are enabled, the appliance downloads new OVAL definitions to all managed devices during the next scripting update whenever a new package becomes available, regardless of the OVAL schedule settings.

The OVAL update ZIP file can be more than 30 MB in size — large enough to impact the performance of devices with slow connections. The ZIP file includes both 32- and 64-bit versions of the OVAL Interpreter and uses the correct version for the device. The OVAL Interpreter requires Microsoft .NET Framework and supports both the full (“Extended”) and Client Profile versions.

Configure OVAL Settings

To run OVAL tests, you must enable OVAL, select target devices and operating systems, and establish a run schedule.

OVAL tests require extensive resources and can affect the performance of target devices. Therefore, exercise caution when configuring OVAL settings.

1.
Go to the OVAL Schedule Detail page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
On the OVAL Scan panel, click Schedules.
2.
In the Configure section, specify the following settings:

Setting

Description

Enabled

Run on the target devices. Only enabled configurations can run.

If OVAL tests are disabled, updates are stored on the appliance but they are not pushed out to target devices until OVAL tests are enabled and scheduled.

Allow Run While Logged Off

Run even if no user is logged in. Clear this check box to run the item only when a user is logged in to the device.

3.
In the Deploy section, specify the following settings:

Setting

Description

Labels

Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save.

If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.

Devices

Limit deployment to specific devices. In the drop-down list, select the devices to which you want to deploy the application. To filter the list, type a few characters in the Devices field. The number next to the field indicates the number of devices available. Scoped users can see only those devices that are associated with their role, when the role is assigned a label. For more information about user roles, see Add or edit User Roles.

Operating Systems

Select the operating systems you want to deploy to.

1.
Click Manage Operating Systems.
2.
In the Operating Systems dialog box that appears, select the OS versions in the navigation tree, as applicable.

You have an option to select OS versions by their family, product, architecture, release ID, or build version. You can choose a specific build version, or a parent node, as needed. Selecting a parent node in the tree automatically selects the associated child nodes. This behavior allows you to select any future OS versions, as devices are added or upgraded in your managed environment. For example, to select all build current and future versions associated with the Windows 10 x64 architecture, under All > Windows > Windows 10, select x64.

4.
In the Schedule section, specify the time and frequency for running OVAL:

Setting

Description

None

Run in combination with an event rather than on a specific date or at a specific time.

Every n minutes/hours

Run at a specified interval.

Every day/specific day at HH:MM

Run daily at a specified time, or run on a designated day of the week at a specified time.

Run on the nth of every month/specific month at HH:MM

Run on the same day every month, or a specific month, at the specified time.

Run on the nth weekday of every month/specific month at HH:MM

Run on the specific weekday of every month, or a specific month, at the specified time.

Custom

Run according to a custom schedule.

Use standard 5-field cron format (extended cron format is not supported):

Use the following when specifying values:

Spaces ( ): Separate each field with a space.
Asterisks (*): Include the entire range of values in a field with an asterisk. For example, an asterisk in the hour field indicates every hour.
Commas (,): Separate multiple values in a field with a comma. For example, 0,6 in the day of the week field indicates Sunday and Saturday.
Hyphens (-): Indicate a range of values in a field with a hyphen. For example, 1-5 in the day of the week field is equivalent to 1,2,3,4,5, which indicates Monday through Friday.
Slashes (/): Specify the intervals at which to repeat an action with a slash. For example, */3 in the hour field is equivalent to 0,3,6,9,12,15,18,21. The asterisk (*) specifies every hour, but /3 restricts this to hours divisible by 3.

Examples:

View Task Schedule

Click to view the task schedule. The Task Schedule dialog box displays a list of scheduled. Click a task to review the task details. For more information, see View task schedules.

5.
Click Save.
6.
Click Run Now to run the script immediately.
View the OVAL vulnerability report

The OVAL Report page shows the OVAL tests that have been run since the last time the OVAL definitions were updated.

OVAL results are deleted from this page when OVAL definitions are updated. To save the results, schedule an OVAL device report to run periodically. See Add report schedules.

1.
Go to the OVAL Scan page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
In the Reporting section, click Show summary results.
Apply labels to affected devices

From the Test detail view, you can view all the devices that failed the OVAL test, and you can assign a label to those devices so that you can patch them later.

1.
Go to the OVAL Scan Summary page:
a.
On the left navigation bar, click Security, then click OVAL Scan.
b.
Under Reporting, click Show device compliance.
3.
Select Choose Action, then select the appropriate label under Apply Label to Affected Devices.
You can also search tests by making the appropriate selection in the View By drop-down list, which appears above the table on the right.
View the OVAL Report

The OVAL Device Compliance page shows a list of devices with OVAL test results. Here, you can view a summary of tests that were run on specific devices.

The label under the Device column in the OVAL Computer Report page is the inventory ID assigned by the appliance Inventory component.

For more information about any of the devices in the report, click the linked device name to navigate to the device detail page.

1.
Go to the OVAL Device Compliance page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
Under Reporting, click Show summary results.
The OVAL Device Compliance page appears containing a list of OVAL reports.

Apply labels to affected devices

Understanding OVAL tests and definitions

OVAL definitions contain the information required to perform OVAL tests. This information can include checks for registry entries, file versions, and WMI (Windows Management Instrumentation) data.

OVAL test definitions pass through a series of phases before being released. Depending on where a definition is in this process, it is assigned one of the following status values:

Status

Description

Draft

Indicates that the definition is assigned an OVAL ID number and is under discussion on the Community Forum and by the OVAL Board.

Interim

Indicates that the definition is under review by the OVAL Board and available for discussion on the Community Forum. Definitions are generally assigned this status for two weeks, unless additional changes or discussions are required.

Accepted

Indicates that the definition has passed the Interim stage and is posted on the OVAL Definition pages. All history of discussions pertaining to Accepted definitions are linked from the OVAL definition.

Other possible status values include:

For more information about the stages of OVAL definitions, go to http://cve.mitre.org.

When OVAL tests are enabled, all available OVAL tests run on the target devices.

OVAL test details do not indicate the severity of the vulnerability. Use your own judgment to determine whether to test your network for the presence of a particular vulnerability.

View OVAL tests and definitions

You can view OVAL tests and definitions in the Administrator Console.

1.
Go to the OVAL Catalog list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
On the OVAL Scan panel, click Catalog.
2.
Optional: Limit which tests are displayed by using the View By drop-down list or Search field to find OVAL tests by OVAL-ID, CVE Number, operating system, or text.
3.
Click a Name link in the OVAL Catalog list.
The OVAL Definition Detail page displays the following information:

Field

Description

OVAL-ID

The status of the vulnerability following the OVAL-ID. Possible values are Draft, Interim, or Accepted.

Class

The nature of the vulnerability. Possible values are: Compliance, Deprecated, Patch, and Vulnerability.

Ref-ID

A link to additional details about the vulnerability.

Description

The common definition of the vulnerability as found on the CVE list.

Definition

The steps used to test whether the vulnerability exists.

The table at the bottom of the OVAL Tests: Definition page displays the list of devices in your network that contain the vulnerability. For convenience, a printer-friendly version of this data is available.

Running OVAL tests

The appliance runs OVAL tests automatically based on the schedule specified in OVAL Settings.

It takes approximately one hour to run OVAL tests. In addition, OVAL Tests consume a large amount of memory and CPU resources, which might affect the performance of target devices. To minimize the disruption to users, run OVAL tests weekly or monthly and during hours when users are least likely to be inconvenienced.

In addition, you can run OVAL tests manually by logging in to the device as Administrator and running debug.bat. This file is usually located in the program data directory. For example: C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\9

Using labels to restrict OVAL tests

If you are running OVAL tests periodically or if you want to obtain the OVAL test results for only a few devices, you can assign a label to those devices. You can then use the Run Now function to run OVAL tests on those devices only.

For more information about using labels, see About labels.

Understanding OVAL updates

The appliance checks for new OVAL definitions every night, but you should expect new definitions every month. If OVAL tests are enabled, the appliance downloads new OVAL definitions to all managed devices during the next scripting update whenever a new package becomes available, regardless of the OVAL schedule settings.

The OVAL update ZIP file can be more than 30 MB in size — large enough to impact the performance of devices with slow connections. The ZIP file includes both 32- and 64-bit versions of the OVAL Interpreter and uses the correct version for the device. The OVAL Interpreter requires Microsoft .NET Framework and supports both the full (“Extended”) and Client Profile versions.

Configure OVAL Settings

To run OVAL tests, you must enable OVAL, select target devices and operating systems, and establish a run schedule.

OVAL tests require extensive resources and can affect the performance of target devices. Therefore, exercise caution when configuring OVAL settings.

1.
Go to the OVAL Schedule Detail page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
On the OVAL Scan panel, click Schedules.
2.
In the Configure section, specify the following settings:

Setting

Description

Enabled

Run on the target devices. Only enabled configurations can run.

If OVAL tests are disabled, updates are stored on the appliance but they are not pushed out to target devices until OVAL tests are enabled and scheduled.

Allow Run While Logged Off

Run even if no user is logged in. Clear this check box to run the item only when a user is logged in to the device.

3.
In the Deploy section, specify the following settings:

Setting

Description

Labels

Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save.

If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.

Devices

Limit deployment to specific devices. In the drop-down list, select the devices to which you want to deploy the application. To filter the list, type a few characters in the Devices field. The number next to the field indicates the number of devices available. Scoped users can see only those devices that are associated with their role, when the role is assigned a label. For more information about user roles, see Add or edit User Roles.

Operating Systems

Select the operating systems you want to deploy to.

1.
Click Manage Operating Systems.
2.
In the Operating Systems dialog box that appears, select the OS versions in the navigation tree, as applicable.

You have an option to select OS versions by their family, product, architecture, release ID, or build version. You can choose a specific build version, or a parent node, as needed. Selecting a parent node in the tree automatically selects the associated child nodes. This behavior allows you to select any future OS versions, as devices are added or upgraded in your managed environment. For example, to select all build current and future versions associated with the Windows 10 x64 architecture, under All > Windows > Windows 10, select x64.

4.
In the Schedule section, specify the time and frequency for running OVAL:

Setting

Description

None

Run in combination with an event rather than on a specific date or at a specific time.

Every n minutes/hours

Run at a specified interval.

Every day/specific day at HH:MM

Run daily at a specified time, or run on a designated day of the week at a specified time.

Run on the nth of every month/specific month at HH:MM

Run on the same day every month, or a specific month, at the specified time.

Run on the nth weekday of every month/specific month at HH:MM

Run on the specific weekday of every month, or a specific month, at the specified time.

Custom

Run according to a custom schedule.

Use standard 5-field cron format (extended cron format is not supported):

Use the following when specifying values:

Spaces ( ): Separate each field with a space.
Asterisks (*): Include the entire range of values in a field with an asterisk. For example, an asterisk in the hour field indicates every hour.
Commas (,): Separate multiple values in a field with a comma. For example, 0,6 in the day of the week field indicates Sunday and Saturday.
Hyphens (-): Indicate a range of values in a field with a hyphen. For example, 1-5 in the day of the week field is equivalent to 1,2,3,4,5, which indicates Monday through Friday.
Slashes (/): Specify the intervals at which to repeat an action with a slash. For example, */3 in the hour field is equivalent to 0,3,6,9,12,15,18,21. The asterisk (*) specifies every hour, but /3 restricts this to hours divisible by 3.

Examples:

View Task Schedule

Click to view the task schedule. The Task Schedule dialog box displays a list of scheduled. Click a task to review the task details. For more information, see View task schedules.

5.
Click Save.
6.
Click Run Now to run the script immediately.
View the OVAL vulnerability report

The OVAL Report page shows the OVAL tests that have been run since the last time the OVAL definitions were updated.

OVAL results are deleted from this page when OVAL definitions are updated. To save the results, schedule an OVAL device report to run periodically. See Add report schedules.

1.
Go to the OVAL Scan page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
In the Reporting section, click Show summary results.
Apply labels to affected devices

From the Test detail view, you can view all the devices that failed the OVAL test, and you can assign a label to those devices so that you can patch them later.

1.
Go to the OVAL Scan Summary page:
a.
On the left navigation bar, click Security, then click OVAL Scan.
b.
Under Reporting, click Show device compliance.
3.
Select Choose Action, then select the appropriate label under Apply Label to Affected Devices.
You can also search tests by making the appropriate selection in the View By drop-down list, which appears above the table on the right.
View the OVAL Report

The OVAL Device Compliance page shows a list of devices with OVAL test results. Here, you can view a summary of tests that were run on specific devices.

The label under the Device column in the OVAL Computer Report page is the inventory ID assigned by the appliance Inventory component.

For more information about any of the devices in the report, click the linked device name to navigate to the device detail page.

1.
Go to the OVAL Device Compliance page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
Under Reporting, click Show summary results.
The OVAL Device Compliance page appears containing a list of OVAL reports.

View the OVAL Report

Understanding OVAL tests and definitions

OVAL definitions contain the information required to perform OVAL tests. This information can include checks for registry entries, file versions, and WMI (Windows Management Instrumentation) data.

OVAL test definitions pass through a series of phases before being released. Depending on where a definition is in this process, it is assigned one of the following status values:

Status

Description

Draft

Indicates that the definition is assigned an OVAL ID number and is under discussion on the Community Forum and by the OVAL Board.

Interim

Indicates that the definition is under review by the OVAL Board and available for discussion on the Community Forum. Definitions are generally assigned this status for two weeks, unless additional changes or discussions are required.

Accepted

Indicates that the definition has passed the Interim stage and is posted on the OVAL Definition pages. All history of discussions pertaining to Accepted definitions are linked from the OVAL definition.

Other possible status values include:

For more information about the stages of OVAL definitions, go to http://cve.mitre.org.

When OVAL tests are enabled, all available OVAL tests run on the target devices.

OVAL test details do not indicate the severity of the vulnerability. Use your own judgment to determine whether to test your network for the presence of a particular vulnerability.

View OVAL tests and definitions

You can view OVAL tests and definitions in the Administrator Console.

1.
Go to the OVAL Catalog list:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
On the OVAL Scan panel, click Catalog.
2.
Optional: Limit which tests are displayed by using the View By drop-down list or Search field to find OVAL tests by OVAL-ID, CVE Number, operating system, or text.
3.
Click a Name link in the OVAL Catalog list.
The OVAL Definition Detail page displays the following information:

Field

Description

OVAL-ID

The status of the vulnerability following the OVAL-ID. Possible values are Draft, Interim, or Accepted.

Class

The nature of the vulnerability. Possible values are: Compliance, Deprecated, Patch, and Vulnerability.

Ref-ID

A link to additional details about the vulnerability.

Description

The common definition of the vulnerability as found on the CVE list.

Definition

The steps used to test whether the vulnerability exists.

The table at the bottom of the OVAL Tests: Definition page displays the list of devices in your network that contain the vulnerability. For convenience, a printer-friendly version of this data is available.

Running OVAL tests

The appliance runs OVAL tests automatically based on the schedule specified in OVAL Settings.

It takes approximately one hour to run OVAL tests. In addition, OVAL Tests consume a large amount of memory and CPU resources, which might affect the performance of target devices. To minimize the disruption to users, run OVAL tests weekly or monthly and during hours when users are least likely to be inconvenienced.

In addition, you can run OVAL tests manually by logging in to the device as Administrator and running debug.bat. This file is usually located in the program data directory. For example: C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\9

Using labels to restrict OVAL tests

If you are running OVAL tests periodically or if you want to obtain the OVAL test results for only a few devices, you can assign a label to those devices. You can then use the Run Now function to run OVAL tests on those devices only.

For more information about using labels, see About labels.

Understanding OVAL updates

The appliance checks for new OVAL definitions every night, but you should expect new definitions every month. If OVAL tests are enabled, the appliance downloads new OVAL definitions to all managed devices during the next scripting update whenever a new package becomes available, regardless of the OVAL schedule settings.

The OVAL update ZIP file can be more than 30 MB in size — large enough to impact the performance of devices with slow connections. The ZIP file includes both 32- and 64-bit versions of the OVAL Interpreter and uses the correct version for the device. The OVAL Interpreter requires Microsoft .NET Framework and supports both the full (“Extended”) and Client Profile versions.

Configure OVAL Settings

To run OVAL tests, you must enable OVAL, select target devices and operating systems, and establish a run schedule.

OVAL tests require extensive resources and can affect the performance of target devices. Therefore, exercise caution when configuring OVAL settings.

1.
Go to the OVAL Schedule Detail page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
On the OVAL Scan panel, click Schedules.
2.
In the Configure section, specify the following settings:

Setting

Description

Enabled

Run on the target devices. Only enabled configurations can run.

If OVAL tests are disabled, updates are stored on the appliance but they are not pushed out to target devices until OVAL tests are enabled and scheduled.

Allow Run While Logged Off

Run even if no user is logged in. Clear this check box to run the item only when a user is logged in to the device.

3.
In the Deploy section, specify the following settings:

Setting

Description

Labels

Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save.

If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.

Devices

Limit deployment to specific devices. In the drop-down list, select the devices to which you want to deploy the application. To filter the list, type a few characters in the Devices field. The number next to the field indicates the number of devices available. Scoped users can see only those devices that are associated with their role, when the role is assigned a label. For more information about user roles, see Add or edit User Roles.

Operating Systems

Select the operating systems you want to deploy to.

1.
Click Manage Operating Systems.
2.
In the Operating Systems dialog box that appears, select the OS versions in the navigation tree, as applicable.

You have an option to select OS versions by their family, product, architecture, release ID, or build version. You can choose a specific build version, or a parent node, as needed. Selecting a parent node in the tree automatically selects the associated child nodes. This behavior allows you to select any future OS versions, as devices are added or upgraded in your managed environment. For example, to select all build current and future versions associated with the Windows 10 x64 architecture, under All > Windows > Windows 10, select x64.

4.
In the Schedule section, specify the time and frequency for running OVAL:

Setting

Description

None

Run in combination with an event rather than on a specific date or at a specific time.

Every n minutes/hours

Run at a specified interval.

Every day/specific day at HH:MM

Run daily at a specified time, or run on a designated day of the week at a specified time.

Run on the nth of every month/specific month at HH:MM

Run on the same day every month, or a specific month, at the specified time.

Run on the nth weekday of every month/specific month at HH:MM

Run on the specific weekday of every month, or a specific month, at the specified time.

Custom

Run according to a custom schedule.

Use standard 5-field cron format (extended cron format is not supported):

Use the following when specifying values:

Spaces ( ): Separate each field with a space.
Asterisks (*): Include the entire range of values in a field with an asterisk. For example, an asterisk in the hour field indicates every hour.
Commas (,): Separate multiple values in a field with a comma. For example, 0,6 in the day of the week field indicates Sunday and Saturday.
Hyphens (-): Indicate a range of values in a field with a hyphen. For example, 1-5 in the day of the week field is equivalent to 1,2,3,4,5, which indicates Monday through Friday.
Slashes (/): Specify the intervals at which to repeat an action with a slash. For example, */3 in the hour field is equivalent to 0,3,6,9,12,15,18,21. The asterisk (*) specifies every hour, but /3 restricts this to hours divisible by 3.

Examples:

View Task Schedule

Click to view the task schedule. The Task Schedule dialog box displays a list of scheduled. Click a task to review the task details. For more information, see View task schedules.

5.
Click Save.
6.
Click Run Now to run the script immediately.
View the OVAL vulnerability report

The OVAL Report page shows the OVAL tests that have been run since the last time the OVAL definitions were updated.

OVAL results are deleted from this page when OVAL definitions are updated. To save the results, schedule an OVAL device report to run periodically. See Add report schedules.

1.
Go to the OVAL Scan page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
In the Reporting section, click Show summary results.
Apply labels to affected devices

From the Test detail view, you can view all the devices that failed the OVAL test, and you can assign a label to those devices so that you can patch them later.

1.
Go to the OVAL Scan Summary page:
a.
On the left navigation bar, click Security, then click OVAL Scan.
b.
Under Reporting, click Show device compliance.
3.
Select Choose Action, then select the appropriate label under Apply Label to Affected Devices.
You can also search tests by making the appropriate selection in the View By drop-down list, which appears above the table on the right.
View the OVAL Report

The OVAL Device Compliance page shows a list of devices with OVAL test results. Here, you can view a summary of tests that were run on specific devices.

The label under the Device column in the OVAL Computer Report page is the inventory ID assigned by the appliance Inventory component.

For more information about any of the devices in the report, click the linked device name to navigate to the device detail page.

1.
Go to the OVAL Device Compliance page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Security, then click OVAL Scan.
c.
Under Reporting, click Show summary results.
The OVAL Device Compliance page appears containing a list of OVAL reports.
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación