Scan Configuration

IMPORTANT: The RNA utilizes external IPs as the source of scanning traffic for external scans. To find the detailed list to add to your allow-list, see External RNA IPs.

Fortra Vulnerability Manger Scanning

Fortra Vulnerability Management™ (Fortra VM) scanners provide comprehensive, updated information about your environment’s security posture.

This page details the following topics:

  • Viewing, modifying, and creating scan policies
  • Managing scan credentials
  • Configuring scan results setting

Work with Scan Policies

This section describes how to view, modify, and create a scan policy, which is a set of instructions for a scanner. Fortra VM has default policies for several common scanning objectives (e.g., application discovery, host discovery, port scanning).

While a scanner only uses one scanner profile at a time, a profile can accommodate many scans—each of which with a different policy. A scan policy essentially tells the scanner how to process the scan by identifying scan speed, ports, scan credentials, password auditing, and vulnerabilities to include or exclude.

Add Credentials

Authenticated scanning gives you safer and more accurate scanning of your environment.

While you can add credentials when creating a scan policy, modifying and deleting credentials can only be done through the Credentials Manager. Please see our Scan Configuration article for more information.

See Authenticated Scanning for more details.

Configure Scan Results Settings

You can configure the type of scan information you receive on the Scan Results page (located by selecting System > Settings > Scan Results on the navigation menu).

From here, you can configure the following settings:

  • General:
  • Risks and Threat Prioritization, including default risk weight
    TIP: Be aware that changing your Default risk weight can adversely affect your Security GPA. If you have questions about this feature, contact Technical Support.
  • Data retention, including Scan purge days
    NOTE: Scan data purged from Fortra VM cannot be restored.
  • Matching and Trending, including Use static IP matching internally, Use SLA Security GPA/ SLA Security GPA days, and Active Threat Scanning Auto-Submit
  • NOTE: Active Threat Scanning Auto-Submit must be enabled on your account.

    Fortra VM Scan Results Page
    Frontline VM Scan Results Settings page

    Frequently Asked Questions

    Scan Information