
Risk Scan Engine Deployment

Updated Feb 20, 2024

Deploy Arctic Wolf Risk Scan Engine

You can deploy Arctic Wolf Risk Scan Engine (formerly Joval) using these deployment models:

You can implement them simultaneously in a hybrid deployment model, which is helpful for network infrastructure components of an environment that you cannot deploy software to.

Risk Scan Engine does not require installation or deployment of databases or server infrastructure. Instead, the tool integrates with existing enterprise reporting and automation systems. For more information about Risk Scan Engine deployment models, see the User Guide files in the zip files for the components you license.

Host-based deployment

A small Risk Scan Engine software library exists on each endpoint that you want to scan. An existing enterprise-grade deployment and orchestration system is used to distribute this library, and the relevant security benchmarks and vulnerability definitions, to each participating endpoint system. The orchestration system can also start a scan and collect scan results for cataloging in a central result store. Risk Scan Engine implements the scan logic and provides complete standards-based result information that is lightweight and easy for the central result store to process.

Agentless deployment

A Risk Scan Engine-enabled application, called a sensor, is deployed to one or more hosts that have the network connectivity required to scan the target environment. Sensors can perform credentialed and non-credentialed scans over the network and accommodate complex network topologies, for example SOCKS and HTTP proxies and multi-hop SSH gateways. You can also use Risk Scan Engine sensors to generate result transformations that a central result store can process.

Offline scanning deployment

Risk Scan Engine can perform vulnerability and compliance scans against a variety of offline file formats, for example router configurations, Docker images, and zip files.

Input file formats for offline scanning

Risk Scan Engine supports offline scanning for Cisco and Juniper routers.

For Cisco devices, the target input file must contain output from the show tech-support command or output from any set of commands in the same format. At a minimum, include these commands in the output file:

For Juniper devices, include output from this command:

Risk Scan Engine uses the results file for scanning, instead of the device.
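
The following Python check is an added example, not Arctic Wolf code: before a collected Cisco file is handed to an offline scan, it splits the file on the dashed command headers and reports which expected commands are missing or returned no output. The header layout, the function names, the sample text, and the command list are assumptions made for illustration; substitute the commands listed in the product documentation.

```python
import re

# Section header as written in Cisco IOS "show tech-support" output (assumed
# layout): a run of dashes, the command, a run of dashes, alone on a line.
HEADER = re.compile(r"^-{4,}\s+(show\s.+?)\s+-{4,}\s*$")


def split_sections(text):
    """Return {command: body} for each dashed command header in the file."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            # Normalise whitespace and case so "SHOW  Version" == "show version".
            current = " ".join(m.group(1).lower().split())
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return {cmd: "\n".join(body).strip() for cmd, body in sections.items()}


def check_input_file(text, required):
    """Report required commands that are absent or have empty output."""
    sections = split_sections(text)
    wanted = [" ".join(c.lower().split()) for c in required]
    return {
        "missing": [c for c in wanted if c not in sections],
        "empty": [c for c in wanted if c in sections and not sections[c]],
    }


# Constructed sample, not captured from a real device.
SAMPLE = """\
------------------ show version ------------------

lab-rtr uptime is 3 days

------------------ show running-config ------------------

hostname lab-rtr
!
------------------ show interfaces ------------------

"""

# Placeholder command set for the demo; use the list from the product docs.
REQUIRED = ["show version", "show running-config", "show interfaces", "show inventory"]

if __name__ == "__main__":
    print(check_input_file(SAMPLE, REQUIRED))
```

A command that appears with an empty body usually means the collection session lacked the privilege to run it, so the scan would silently evaluate less of the device than intended.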
