WARNING
Do not enable Auto apply core Endpoint & Workload rules when using classic recommendation scan.
The enhanced recommendation scan improves upon the classic recommendation scan in the following ways:
  • The enhanced recommendation scan automatically scans at least once every 24 hours. This scan is short and efficient to avoid disrupting operations.
  • Improved efficiency allows more frequent scans for improved protection. Expect significantly lower use of system resources.
  • Reliable scans. Fewer failed scans means you can rely on the enhanced recommendation scan to provide regular recommendations.
  • More accurate with fewer incorrect or unnecessary recommendations.
  • Optimized performance with recommendations based on security rules that you require.
  • Fewer limitations than the classic recommendation scan:
    • Able to recommend new web application rules, if applicable.
    • No longer recommends applications like Red Hat JBoss, Apache Struts, Oracle WebLogic, CMS applications, and other applications that would have unnecessary recommendations.
    • On Linux systems, better detection for software that is not installed through the operating system's default package manager.
  • Scheduled enhanced recommendation scans automatically implement recommendations based on the last results.
  • Ongoing enhanced recommendation scans automatically implement recommendations based on the last results.
The enhanced recommendation scan has the following requirements:
  • Agent version 20.0.1-21510 or later (See supported features by version for Linux, Windows, or Windows Server.)
  • For agents earlier than version 20.0.2-4960, Activity Monitoring enabled
  • Internet of Things (IoT) traffic to Amazon Web Services (AWS) permitted through firewalls
    If the agent does not receive any recommendations for 36 hours and either IoT traffic to AWS is not permitted through the firewalls or the enhanced recommendation scan fails, the agent automatically falls back to the classic recommendation scan. Upon receiving recommendations from the enhanced recommendation scan, the agent immediately resumes using the enhanced recommendation scan.
Agents that do not meet the requirements for the enhanced recommendation scan automatically use the classic recommendation scan instead.
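
The requirements and the WARNING above can be checked across an agent inventory. The following is an added example, not product code or a product API: the `Agent` record, its field names, and the sample hosts are hypothetical, and it assumes agent versions order as major.minor.patch-build.

```python
import re
from typing import NamedTuple

# Thresholds taken from the requirements list above.
MIN_ENHANCED = "20.0.1-21510"
NO_AM_NEEDED = "20.0.2-4960"  # below this, Activity Monitoring must be enabled

def parse_version(text):
    """Turn '20.0.1-21510' into (20, 0, 1, 21510) so versions compare in order."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognized agent version: {text!r}")
    return tuple(int(part) for part in m.groups())

class Agent(NamedTuple):  # hypothetical inventory record
    host: str
    version: str
    activity_monitoring: bool
    aws_iot_allowed: bool
    auto_apply_core_rules: bool

def scan_mode(agent):
    """Return (mode, reason); mode is 'enhanced' or 'classic'."""
    v = parse_version(agent.version)
    if v < parse_version(MIN_ENHANCED):
        return "classic", "agent older than " + MIN_ENHANCED
    if v < parse_version(NO_AM_NEEDED) and not agent.activity_monitoring:
        return "classic", "Activity Monitoring disabled on agent older than " + NO_AM_NEEDED
    if not agent.aws_iot_allowed:
        # The agent falls back after 36 hours without recommendations.
        return "classic", "IoT traffic to AWS not permitted through firewall"
    return "enhanced", "all requirements met"

def audit(agents):
    """Hosts that end up on the classic scan with auto apply enabled (the WARNING case)."""
    checked = ((a, scan_mode(a)) for a in agents)
    return [(a.host, why) for a, (mode, why) in checked
            if mode == "classic" and a.auto_apply_core_rules]

# Constructed sample inventory; hosts and the 20.0.0-1000 version are made up.
SAMPLE = [
    Agent("web-01", "20.0.2-4960", False, True, True),
    Agent("db-01", "20.0.1-21510", False, True, True),
    Agent("app-01", "20.0.1-21510", True, False, True),
    Agent("old-01", "20.0.0-1000", True, True, False),
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE):
        print(f"{host}: classic scan with auto apply enabled ({reason})")
```

Note that 20.0.2-4960 is the later version even though its build number is smaller than 21510, so comparing build numbers alone would misclassify agents.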

Manually run an enhanced recommendation scan

This scan is similar to the classic recommendation scan, but results must be received within a 10-minute timeout. Clicking Scan for Recommendations disables the button during this timeout. If the recommendation scan results take longer than 10 minutes, the button becomes available again so you can retry. In addition to manually running the enhanced recommendation scan, you can also configure scheduled scans and ongoing scans.

Procedure

  1. Click the module where you want to run the scan:
    • Integrity Monitoring
    • Intrusion Prevention
    • Log Inspection
  2. On the General tab under Recommendations, click Scan for Recommendations.
The results of the latest enhanced recommendation scan appear on the General tab of the Intrusion Prevention, Integrity Monitoring, or Log Inspection protection module.