Enable or disable CGI scanning

Note:

Disabling Common Gateway Interface (CGI) scanning prevents lockouts, but it does not mitigate risks. It also removes many Webmin checks that the scanner performs because Webmin applications often use the CGI language. CGI is a legacy feature for web-based Active Directory sign-in pages that consistently experienced false-positive account lockouts.

For example, if a typical Webmin page using CGI has a vulnerability, CGI scanning should discover this vulnerability. If the vulnerability involved threat actors that used known or default credentials to sign in to the system, there is a risk of account lockout. Disabling CGI scanning can limit the negative impact of account lockouts while you complete remediation steps to address the vulnerability.

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Scanners.
  3. Find the scanner to view, and then click View Scanner.
    Tip:

    The scanner must be online for configuration changes. If needed, use filters to limit your results. For more information, see Scanner filters.

  4. In the Scanner Configuration section, do one of these actions:
    • To enable CGI scanning, click the CGI Scanning toggle to the on position.
    • To disable CGI scanning, click the CGI Scanning toggle to the off position.
  5. Click Update Configuration.

    This button is not available if the scanner is offline.