McAfee PASCDE-AB-IA Product Guide - Page 36

Configuring agentless audits How to handle missing audit results 6 Select Credentials and click on the appropriate account type in the tree pane or from the Account Type drop-down list. Type the required credential information in the appropriate fields. Click Add. 7 You can specify multiple credentials, such as credentials for each domain in the search range, and click Add after specifying each credential. Consult the McAfee Vulnerability Manager documentation for details on other settings for this tab. Click Next. The Scheduler tab appears. 8 Select the appropriate schedule type and settings. Click OK to save the scan. TIP: McAfee recommends that you select the Immediate option. Once McAfee Vulnerability Manager has had the opportunity to scan for systems, you can change the scan to occur at regular intervals. View McAfee Vulnerability Manager scan status You can view the status and results of McAfee Vulnerability Manager scans. The Asset Discovery Scan needs to finish running before you add assets to the ePolicy Orchestrator System Tree. Task For option definitions, click ? in the interface. 1 In the ePolicy Orchestrator user interface, click Menu | Risk & Compliance | Audits | View Foundstone Scan Status. The Scan Status page opens in a new browser window. The Status column shows the scans that are complete. 2 Click to view the scan report. How to handle missing audit results McAfee Policy Auditor uses the concept of frequency to determine how often audit data should be gathered. Frequency is defined as "Audit results should be no older than nnn time unit," where "nnn" is a number and "time unit" is "days," "weeks," and "months." For example, if the frequency for an audit is defined as one month and a managed system has not been audited in more than one month, the system is out of frequency and its status is unknown. The McAfee Vulnerability Manager extension uses the Data Collection Scan to audit systems and gather compliance data. The Data Collection Scan must finish before the PA: Maintain Foundstone server task is run. When the PA: Maintain Foundstone server task runs, it requests audit results for any missing results, any expired results, or any results that will expire within the next 24 hours. Thus, audits with a one-day frequency is set for auditing every time the PA: Maintain Foundstone audits server task is run. The task also assembles previously-collected audit results, synchronizes information, and performs cleanup tasks. The PA: Maintain Foundstone audits server task must be given a sufficient amount of time to assemble data before the MVM Data Import server task is run. The MVM Data Import task collects the latest asset data and imports it into the ePolicy Orchestrator server database. McAfee Policy Auditor then has the latest information to appear in reports and queries. To make sure that your audit results are up to date, configure the Data Collection Scan, PA: Maintain Foundstone audits server task, and MVM Data Import server task to give the system enough time to conduct audits and assemble result data. 36 McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6