Basic first time setup for a new Footprint tenant
Pre-requisites:
List of customer users by unique e-mail that need access in the interface or e-mail reports.
Scan Frequency (Continuous, Weekly, Monthly)
External Scan Targets (URLs, DMZ IP addresses, Public ISP assigned router address, etc.)
Internal Scan Targets (Private Subnets, Cloud Subscription Internal addresses)
Whether agents are going to be deployed (Linux, Mac, Windows)
Whether custom graphical elements are used
Whether specific assets need to be grouped by function or branch, etc.
Setting it up
The first time you log in to the Footprint tenant you are taken to the Scan Surface page and asked to set up your scan.
Choose one of the two options: Demo Scan or Scan your own.
The Demo Scan populates the tenant with two pre-defined vulnerable hosts that can be scanned. This is useful in demos, PoCs or trial situations where you need to see some data without actually having something available to scan. Remember that this is a real scan, so only use it for a short duration.
For a production tenant (customer) select “Scan your own”. This will take you to the Scan Surface Agentless tab and will allow you to start scanning hosts.
Here you can insert your scan targets as FQDNs, URLs, IP Addresses, IP Ranges, IP Subnets or even e-mail addresses. More details on how to operate scans are available here:
https://support.codaintelligence.com/hc/en-us/articles/9414000892188-How-to-scan-with-Footprint
https://support.codaintelligence.com/hc/en-us/articles/9683649949852-Scanning-the-network
Before adding anything to the scan surface a good pre-requisite is to agree with the customer what is in scope for scanning.
External assets: Public Website, DMZ IP Addresses, DNS Servers, Mail Servers, etc.
Internal assets: Internal Subnets
Agent-Based assets.
External Scanning
For the external assets you may begin the scan immediately by adding them to the Scan Surface and selecting the Cloud Scanner. Every Footprint tenant comes with a shared Cloud Scanner. It is a good idea to whitelist the Cloud Scanner IP address if you want to have better results. If the purpose is to replicate a real-life attacker, do not whitelist the scanner IP, so that the scan replicates random internet scanning.
The Public IP of the Cloud Scanner is visible in the Scan Surface > Deployed Scanners > Cloud Scanner tab under Public IP.
Internal Scanning
[A] Internal Scanning can only be performed by using Internal Scanners. Internal Scanners are network scanners deployed on the customer’s network so that they are able to access Internal Address Ranges.
More information here: https://support.codaintelligence.com/hc/en-us/articles/360016817419-Footprint-Technical-Reference#FootprintTechnicalReference-InternalScanner
Each Internal Scanner can scan a section of the network, or a set of subnets. Consider deploying multiple scanners if the Scan Surface is large.
[B] Agent Based Scanning can complement Internal Scanners and is also useful if you are scanning Servers or User Computers (laptops for example). The agent communication is reversed: data is sent from the agent (or scanned host) to the console rather than from the scanner to the scanned host. This works over HTTPS only, so it is very effective on assets that are moved frequently or used on different networks.
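A pre-flight check for the scoping step and the external/internal split described above, as an added example that is not Footprint's own parser or API: it sorts an agreed target list by entry type and by whether the Cloud Scanner could reach it or an Internal Scanner is needed. The first-last range syntax, the function names and the sample list are assumptions; hostnames come back as "confirm" because their placement depends on where they resolve, and e-mail entries get no placement because this page does not describe how they are scanned.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 1918, loopback, IPv4 link-local and IPv6 ULA: reachable only from inside.
INTERNAL = "10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16 fc00::/7"
INTERNAL_NETS = [ipaddress.ip_network(n) for n in INTERNAL.split()]
FQDN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$", re.I)
# Constructed sample; 203.0.113.0/24 is documentation space standing in for a public IP.
SAMPLE = ["www.example.com", "https://203.0.113.10/login", "10.20.0.0/16",
          "192.168.1.10-192.168.1.60", "soc@example.com", "10.0.0.300"]

def _placement(first, last):
    # Compare the two endpoints; a span that crosses the boundary is "mixed".
    a, b = (any(x in n for n in INTERNAL_NETS) for x in (first, last))
    return "mixed" if a != b else ("internal" if a else "cloud")

def classify_target(raw):
    """Return (kind, placement) for one proposed scan-surface entry."""
    t, kind = raw.strip(), None
    if "@" in t and "://" not in t:
        local, _, domain = t.rpartition("@")
        return ("email", "n/a") if local and FQDN_RE.match(domain) else ("invalid", None)
    try:
        if "://" in t:
            parts = urlsplit(t)
            if parts.scheme not in ("http", "https") or not parts.hostname:
                return ("invalid", None)
            t, kind = parts.hostname, "url"
        first, sep, last = t.partition("-")
        if sep:  # assumed range syntax: first-last
            lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
            ok = lo.version == hi.version and lo <= hi
            return ("ip-range", _placement(lo, hi)) if ok else ("invalid", None)
        if "/" in t:
            net = ipaddress.ip_network(t, strict=False)
            return ("subnet", _placement(net[0], net[-1]))
        ip = ipaddress.ip_address(t)
        return (kind or "ip", _placement(ip, ip))
    except ValueError:
        pass  # not an address: fall through to the hostname check
    return (kind or "fqdn", "confirm") if FQDN_RE.match(t) else ("invalid", None)

def plan_scan_surface(targets):
    plan = {}  # placement -> [(entry, kind), ...]
    for raw in targets:
        kind, where = classify_target(raw)
        plan.setdefault(where or "rejected", []).append((raw.strip(), kind))
    return plan
```

Entries that land under "mixed" or "rejected" are the ones to take back to the customer before anything is added to the Scan Surface.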
Configuring Customer users
If additional users are needed then you can add them from Settings > User Manager. Only Co-Managed or Self-Managed tenants are allowed to have local users.
Configuring Client Settings
Other tenant wide options may be found in Settings > Client Settings.
Auto-Context generation enables the automatic grouping of Devices or Applications using Footprint dynamic rules (same open port, same function, etc.). This will automatically create some Business Contexts such as Workstations, Servers, File-Sharing, Web Applications, etc.
If the customer would like some specific grouping or grouping based on subnet or scanner you can use tags or manual editing of contexts.
Branding Override is needed if the customer wishes to have his own logo on the reports. By default branding options are inherited from the MSP Console settings.
By clicking “Enable custom branding” you can add your own logos to the reporting and interface.
The Field Names can be edited:
Company Name
App Name
Contact E-mail
Contact Name
You can also “Upload a new photo” to add graphical elements.
Press Save Changes to apply.
Risk Levels Customization is an optional setting if you would like to change the values for each risk level and the colors. This should only be edited if the customer needs a different scale.
If you edit this, it will impact the way data is interpreted, so do not change it unless mandatory.
Mitigation Options is used for the Action Plan entries. It will add specific mitigations to reduce the risk in actions, for example: Virtual Patching, Segmented by Firewall or Applied specific workaround. Those are visible in the Action Plan when using “Accepted Risk” status.