Views:
Server & Workload Protection offers an enhanced recommendation scan to help identify which rules you should apply or remove for Intrusion Prevention, Integrity Monitoring, and Log Inspection. The resulting recommendations are a good place to start when establishing security rules. However, you may need to implement additional rules for common vulnerabilities.
The enhanced recommendation scan improves upon the classic recommendation scan in the following ways:
  • The enhanced recommendation scan automatically scans at least once every 24 hours. This scan is short and efficient to avoid disrupting operations.
  • Improved efficiency allows more frequent scans for improved protection. Expect significantly lower use of system resources.
  • Reliable scans. Fewer failed scans means you can rely on the enhanced recommendation scan to provide regular recommendations.
  • More accurate with fewer incorrect or unnecessary recommendations.
  • Optimized performance with recommendations based on security rules that you require.
  • Fewer limitations than the classic recommendation scan. The few exceptions include the following:
    • If web browsers are the only applicable vector for Java-related vulnerabilities, the scanner does not recommend such rules.
    • For Unix and Linux operating systems, the scan engine might have trouble detecting software that is not installed through the operating system's default package manager. Applications installed using standard package managers do not have this problem.
  • Scheduled enhanced recommendation scans automatically implement recommendations based on the last results.
  • Ongoing enhanced recommendation scans automatically implement recommendations based on the last results.

Requirements

If your agents do not meet the requirements for enhanced recommendation scan, they automatically use the classic recommendation scan instead. The enhanced recommendation scan has the following requirements:
  • Agent version 20.0.1-12510 or later
  • Activity Monitoring enabled
  • Internet of Things (IoT) traffic to Amazon Web Services (AWS) permitted through firewalls
Related information

Manually run an enhanced recommendation scan

Scan for recommendations is similar to the classic recommendation scan but with a timeout for receiving results within 10 minutes. Clicking Scan for Recommendations disables the button during this timeout. If the recommendation scan results take longer than 10 minutes, the button becomes available so you can try again.

Procedure

  1. Click the module where you want to run the scan:
    • Integrity Monitoring
    • Intrusion Prevention
    • Log Inspection
  2. On the General tab under recommendations, click Scan for Recommendations.