Risk Dashboard Troubleshooting
Updated Dec 5, 2023- Troubleshoot the Risk Dashboard
- Troubleshoot account setup
- Troubleshoot scanning statuses
- Troubleshoot general issues
- The Risk Dashboard is not behaving as expected
- A risk changed to "Unsuccessful Validation"
- A risk has the status reason "The risk is confirmed resolved by the user"
- The scan takes longer than the designated time window in the scanning schedule
- Subnet scans are timing out
- Clicking Rescan did not rescan the target host
- See also
Troubleshoot the Risk Dashboard
This information provides solutions to common issues with the Risk Dashboard.
Troubleshoot account setup
This information provides solutions to common Risk Dashboard account setup issues.
I did not receive an account verification email
Possible cause: Email filtering or security settings may have sent the account verification email to a spam or junk folder.
Resolution: Check your spam or junk folders for the verification email. If the email is not there, contact your Concierge Security® Team (CST) at security@arcticwolf.com for manual verification.
I cannot set a password for my account using the URL in the email
Possible cause: For security reasons, the URL to set your account password expires after eight hours.
Resolution: Visit the Risk Dashboard, and then click Don’t remember your password?.
The Google Authenticator app will not scan the QR code to add two-factor authentication
Possible cause: The application may not be able to read the QR code because of interference from one of these:
- A browser plugin altering the screen color around the QR code
- A security filter applied to your screen
Resolution: Remove all physical and digital screen filters before scanning the QR code.
Troubleshoot scanning statuses
This information provides solutions to resolve various scanning statuses in the Risk Dashboard. See Scanner configuration section for more information.
Scanning status is degraded
Possible cause: The scanner did not complete a scan within 24 hours. A firewall, intrusion detection system (IDS), or intrusion prevention system (IPS) could be blocking traffic to or from the device.
Resolution:
-
Remove any traffic blocks.
-
Make sure that:
- The scanner can reach all of the subnets that you want it to scan.
- The firewall and switch access-controls lists (ACLs) do not prevent scanners from reaching the subnets that you want to scan.
- All of the required IP addresses and domain names are allowlisted. To see the complete list of IP addresses that you must allowlist, go to the Arctic Wolf Unified Portal, and then click Help > Allowlist Requirements. The IP addresses that must be allowlisted are listed under Scanners.
- The scanner VM meets the minimum resource requirements. If they do not, contact your CST at security@arcticwolf.com to increase the system resources.
-
If you are using credentialed scanning, make sure that you:
- Added proper credentials in the Credentialed Scanning section
- Provided a proper private SSH key.
See Credential Scanning section for more information.
-
If a scan is scheduled to run in the near future, wait until the next scan runs. If the scanner is no longer degraded, the status updates when the next scan runs.
Scanning status is misconfigured
Possible cause:
- There is a misconfigured scan schedule.
- There are no hosts in the configured subnets or there are hosts that the scanner cannot reach.
- Vulnerability scans are disabled.
- Subnets are excluded in the denylist configuration.
- A scan schedule has a length of zero.
- The scan is targeting too many hosts. For example,
10.0.0.0/8
.
Resolution: Reconfigure the scanner to address the possible causes.
Scanning status is disabled
Possible cause: Host identification scans and vulnerability scans are disabled.
Resolution: Enable host identification scans and vulnerability scans for the scanner. See Scanner configuration section for more information.
Troubleshoot general issues
This information provides resolutions to common general issues with the Risk Dashboard.
The Risk Dashboard is not behaving as expected
Possible cause: Connectivity issues could cause unexpected behavior in the Risk Dashboard.
Resolution: Perform a hard refresh of the page using these keyboard shortcuts:
- Windows — Press Shift+F5.
- MacOS — Press Command+Shift+r.
A risk changed to "Unsuccessful Validation"
Possible cause: Your changes were not successful in mitigating a specific vulnerability.
When you set the state of a risk to Fixed, Waiting Validation and a subsequent scan of that host still detects the same issue, the system moves the state of that issue to Unsuccessful Validation.
Resolution: Make changes as required to resolve the issue, and then repeat the validation process until the State value of the vulnerability changes to Mitigated.
A risk has the status reason "The risk is confirmed resolved by the user"
Possible cause: After you changed the State value of the risk to Mitigated, the risk became inactive and is no longer scanned.
Resolution: No action needed. For more information about inactive risks, see Risk statuses. For more information about the Mitigated risk state, see Risk states.
The scan takes longer than the designated time window in the scanning schedule
Possible cause: Some scans take up to two hours longer than their scheduled scanning window, depending on:
- The target type
- The target processor and bandwidth resource availability
- If the target is online. The target will not be scanned during the scan window if it is offline.
Resolution: Make sure the target is online and that there is adequate bandwidth resource availability. If the target is online and there is adequate bandwidth resource availability, no further action is needed.
Subnet scans are timing out
Possible cause: The target subnet range is too large.
Resolution: Scan subnet ranges /24
and smaller, excluding /8
, /16
, or /20
. Scanning these large subnet ranges may cause a timeout issue.
For more information about subnet scan ranges, see Managed Risk Scanner FAQ.
Clicking Rescan did not rescan the target host
Possible cause: When a target host is selected for rescanning, the target host is placed at the top of the least recently scanned list. A new scan does not immediately start when you click Rescan.
Note: If the target host is offline at the time of the rescan request, the Risk Scanner attempts to rescan the host. This scenario can happen because risks are not removed from the Risks table until the target host has been offline for more than 24 hours.
Resolution: No action needed. If the target host is online, it will be scanned as capacity increases.