Scheduling or Running a Scan
Overview
App Administrators can identify rules that have expired or are approaching expiration by running on-demand or scheduled scans in Scans. These scans proactively surface rules that require review. When the scan is complete, the Rule Lifecycle Management App (RLM) loads the rules for each user in the My Queue page.
Review Scan Details
The status bar shows the details of the most recent scan: start and finish time, and the scan duration.
On-Demand Scans
To run a scan manually at any time, click
.
Scheduled Scans
A scheduled scan runs automatically at the defined interval, instead of requiring you to start it manually. Use scheduled scans to run scans at times that better fit your maintenance window and resource planning.
Scan parameters
- Interval in days: Determines the frequency (in days) at which RLM syncs with SecureTrack.
- Interval start time: The date and time at which RLM starts syncing with SecureTrack.
Disable automatic scan on rule ownership changes
RLM checks for changes in SecureChange users or groups on a daily basis. When changes are detected, RLM updates the Owners table, and initiates a scan to update the rule owners. This behavior can potentially tie up system resources, and generate a large volume of email notifications.
You can disable such automatically initiated scans by disabling Initiate a new scan anytime a change in SecureChange users or groups is detected.
Stop a Scan In Progress
At any time, click Save to stop a scan that is in progress.
Exclude rules or assets from scans
By default, when running scans, whether on-demand or scheduled, RLM includes all rules. You may want to exclude specific rules, or one half of a given rule, from the scan.
For example, ignore assets with Any in source or destination fields, to prevent RLM from assigning that rule to all owners. Add the proxy value 0.0.0.0/0 into the source or destination filter to exclude the value Any from the matching process.
You may also want to exclude public IP addresses, in either the source or destination, from the matching process. These addresses can also assign the rule to a wider range of owners than desired.
When excluding assets, RLM ignores the IP addresses that you specify in the Filters section. You can control when the IP is skipped - if it is in the source, the destination, or both.
| To | Set this filter |
|---|---|
| Prevent Any from being assigned to all owners if it appears in both the source and destination. The IP 0.0.0.0/0 represents Any. In this example, rules with Any in the source and destination will be excluded from matching. | |
| Prevent Any from being assigned to all owners if found in either the source or the destination. | |
| Prevent Any from being assigned to all owners if found in the source of a given rule. | |
| Prevent Any from being assigned to all owners if it is found in the destination of a given rule. | |
| Prevent rules that match a specific source and destination (combine values in a single row, use the AND operator). In this example, the filter will retrieve rules with a source of 1.1.1.1 AND a destination of 2.2.2.2. | |
| Use the OR operator, click In this example, the filter will retrieve rules with a source of 1.1.1.1 OR a destination of 2.2.2.2. | |
| Remove a filter, click | |
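The AND/OR filter logic from the table above, modeled as an added example that is not part of the original page and is not RLM code. It assumes exact value comparison and that Any is written as the proxy value 0.0.0.0/0; the rule names, `FilterRow`, `excluded` and `excluded_names` are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

ANY_PROXY = "0.0.0.0/0"  # proxy value the page uses to represent Any

def norm(value: str) -> str:
    """Write the literal Any as the proxy value so filters can match it."""
    value = value.strip()
    return ANY_PROXY if value.lower() == "any" else value

@dataclass(frozen=True)
class FilterRow:
    """Hypothetical model of one filter row; fields set in a row are ANDed."""
    source: Optional[str] = None
    destination: Optional[str] = None

    def matches(self, sources: set, destinations: set) -> bool:
        if self.source is None and self.destination is None:
            return False  # an empty row excludes nothing
        src_ok = self.source is None or self.source in sources
        dst_ok = self.destination is None or self.destination in destinations
        return src_ok and dst_ok

def excluded(rule: dict, rows: list) -> bool:
    """Rows are ORed: the rule is excluded from matching if any row matches."""
    sources = {norm(v) for v in rule["sources"]}
    destinations = {norm(v) for v in rule["destinations"]}
    return any(row.matches(sources, destinations) for row in rows)

# Constructed sample rules (not taken from any real policy).
RULES = {
    "r1": {"sources": ["Any"], "destinations": ["Any"]},
    "r2": {"sources": ["Any"], "destinations": ["10.0.0.5"]},
    "r3": {"sources": ["1.1.1.1"], "destinations": ["2.2.2.2"]},
    "r4": {"sources": ["1.1.1.1"], "destinations": ["10.0.0.5"]},
}

def excluded_names(rows: list) -> list:
    """Names of the sample rules that the given filter rows exclude."""
    return sorted(name for name, rule in RULES.items() if excluded(rule, rows))

if __name__ == "__main__":
    print("Any in both:", excluded_names([FilterRow(ANY_PROXY, ANY_PROXY)]))
    print("Any in either:", excluded_names(
        [FilterRow(source=ANY_PROXY), FilterRow(destination=ANY_PROXY)]))
    print("1.1.1.1 OR 2.2.2.2:", excluded_names(
        [FilterRow(source="1.1.1.1"), FilterRow(destination="2.2.2.2")]))
```

Comparing the "both" and "either" results on a copy of your own rule list shows how many more rules drop out of owner matching when the two Any conditions are split into separate OR rows.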
Exclude devices from scans
The Scan Devices list displays all the devices available for the selected domain, or all domains when set to default. By default, scans include all devices from all domains or from the selected domain. You can exclude devices from the scan.
- To find specific devices, use the search option. The names of the devices in RLM are identical to the names in SecureTrack.
- To exclude one or more devices from the scan, click and move the devices from Scan Devices to Non-Scan Devices. Excluding devices does not remove them from RLM.
- To remove devices from RLM, you can remove non-scan devices in SecureTrack and save changes.
Ownership change during on-going scans
If rule owners are added or replaced during an ongoing scan, all previously submitted decisions are preserved. This means that if some owners submitted decisions before the scan started and were later replaced or joined by new owners, the current owners do not need to resubmit their decisions, and new owners are not required to recertify past decisions.
