Scheduling or Running a Scan

Overview

The Scan page enables the App Administrator to run or schedule a scan process to find rules which will expire. Rule Lifecycle Management App (RLM) loads the rules for each user in the My Queue page.

Review Scan Details

The Scan status bar shows when the last scan started, when it finished, and how long it ran.

Run a Manual Scan

At any time, you can click to run a manual scan.

Schedule Rule Expiration

In this section, configure the following rule expiration sync parameters:

  • Interval in days: Determines the frequency (in days) at which RLM syncs with SecureTrack.
  • Interval Start Time: Starting date when RLM syncs with SecureTrack.

Exclude Assets From Matching (Optional)

By default, RLM nominates all rules in SecureTrack for certification. There are times, however, when you may want to exclude certain rules, or maybe exclude one half of a given rule from matching.

For example, RLM interprets the value Any in the source or destination by assigning that rule to all owners, which is a scenario you may want to avoid. To prevent this, add the proxy value 0.0.0.0/0 to the source or destination filter to exclude the value Any from the matching process.

You may also want to exclude public IP addresses, in either the source or destination, from the matching process; these addresses can also cause the rule to be assigned to a wider range of owners than desired.

When excluding assets, RLM will “skip over” the IP addresses that you specify in the Filters section. You can control when the IP is skipped - if it is in the source, the destination, or both.

If you want to...

  • Prevent Any from being assigned to all owners if it appears in BOTH the source and destination. The IP 0.0.0.0/0 represents Any. In this example, rules with Any in the source and destination will be excluded from matching.
  • Prevent Any from being assigned to all owners if it is found in either the source or the destination.
  • Prevent Any from being assigned to all owners if it is found in the source of a given rule.
  • Prevent Any from being assigned to all owners if it is found in the destination of a given rule.
  • Combine values in a single row, use the AND operator. In this example, the filter will retrieve rules with a source of 1.1.1.1 AND a destination of 2.2.2.2.
  • Use the OR operator, click and add a second row with the alternate value. In this example, the filter will retrieve rules with a source of 1.1.1.1 OR a destination of 2.2.2.2.
  • Remove a row, click .
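The row logic described above (AND within a row, OR across rows, 0.0.0.0/0 standing in for Any) can be checked offline against a rule list before you enter the filters. The following Python sketch is an added example, not RLM or SecureTrack code; the rule dictionaries, function names, and the exact-match and two-rows-for-"either" behaviour are assumptions made for illustration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")  # the page's proxy value for Any

def to_net(value):
    """Parse an IP or CIDR string; the literal 'Any' becomes 0.0.0.0/0."""
    if value.strip().lower() == "any":
        return ANY
    return ipaddress.ip_network(value.strip(), strict=False)

def row_matches(row, rule):
    """AND semantics: every side the row populates must appear in the rule.
    Assumption: a filter value matches only an identical network, so
    0.0.0.0/0 matches Any and nothing else."""
    for side in ("source", "destination"):
        if side in row and to_net(row[side]) not in map(to_net, rule[side]):
            return False
    return True

def filter_catches(filter_rows, rule):
    """OR semantics: the rule is caught if any one row matches it."""
    return any(row_matches(row, rule) for row in filter_rows)

def widening_values(rule):
    """List values per side that are Any or a public address, the two
    cases the page says assign a rule to more owners than intended."""
    found = {}
    for side in ("source", "destination"):
        hits = [v for v in rule[side]
                if to_net(v) == ANY or to_net(v).network_address.is_global]
        if hits:
            found[side] = hits
    return found

# Constructed sample rules (not exported from any real device).
RULES = {
    "r1": {"source": ["Any"], "destination": ["Any"]},
    "r2": {"source": ["Any"], "destination": ["10.1.2.0/24"]},
    "r3": {"source": ["1.1.1.1"], "destination": ["2.2.2.2"]},
    "r4": {"source": ["10.0.0.5"], "destination": ["2.2.2.2"]},
}
BOTH = [{"source": "0.0.0.0/0", "destination": "0.0.0.0/0"}]      # one row: AND
EITHER = [{"source": "0.0.0.0/0"}, {"destination": "0.0.0.0/0"}]  # two rows: OR

if __name__ == "__main__":
    for name, rule in RULES.items():
        print(name, filter_catches(BOTH, rule), filter_catches(EITHER, rule),
              widening_values(rule))
```

Running widening_values over a rule list first shows which rules carry Any or public addresses, so you can decide which filter rows are needed.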

Exclude Devices in the Scan Process (Optional)

By default, all devices for all the domains are selected, and RLM will review all rules for all of the devices. The names of the devices in RLM match the names of the devices in SecureTrack.

You can select one or more specific devices on which to run the scan.

To eliminate devices, for each domain click devices in the Scan Devices list to move them to the Non-Scan Devices list; these devices will not be considered in the scan process and will not be updated. To remove devices from the list in RLM, you can remove non-scan devices in SecureTrack and save. Subsequently, these devices will not appear in RLM.