Vulnerability assessment : Adding or modifying assessments
 
Adding or modifying assessments
This topic describes the task of adding (or modifying) FortiDB assessments. For a successful assessment, you must:
Create, or use an existing, target-base group which contains at least one valid target database
Create, or use an existing, policy group which contains at least one working policy
 
FortiDB does not perform an automatic session timeout after a certain period of time has elapsed. For example, if you leave assessment results on your screen while at lunch, unauthorized individuals could see this information. Therefore, you should logout or close your browser if you expect to leave your computer unattended.
Items marked with an asterisk (*) on data-entry forms are mandatory.
1. Go to Vulnerability Assessment > Assessments.
2. Do one of the following:
To add an assessment, click Add.
To modify an assessment, click its name.
3. On the General tab, enter the requested items: an Assessment Name so that you can reuse it later and (optionally) a Description of your assessment. Then configure your assessment using the tabs on the web page.
4. In the Targets tab, specify which target groups you want to assess.
Select one or more target groups from the Available Target Groups list on the left and click >> (right arrows) to add them to the Assigned Target Groups list.
You can remove a target group from Assigned Target Groups list on the right by clicking << (left arrows).
5. In the Policies tab, specify which target groups you want to assess.
a. Select one or more target groups from the Available Policy Groups list on the left and add them to the Assigned Policy Groups list by selecting the right-arrow button. (In order to remove a policy group from the Assigned Policy Groups list , select the left-arrow button.)
b. In order to see the policies associated with a policy group, select the group in either the Available Policy Groups list or the Assigned Policy Groups list. The list of policies is displayed in the Active Policies list .
6. Optionally, to specify policies to exclude from assessments by target:
a. Click Vulnerability Assessment > Assessments Exempted Policies.
b. Double-click the name of the target to view the list of policies you can exempt from assessments for that target.
c. In the Available Exempted Policies list, select the policy to exclude, and then click >> (double arrows) to add it to the Selected Exempted Policies list.
d. Click Save.
See also
Running assessments
Configuring assessment notifications
Selecting the type of report an assessment generates
Reviewing, deleting, and aborting assessment results