Risk Scan Engine Troubleshooting

Updated Feb 20, 2024

Troubleshoot Arctic Wolf Risk Scan Engine

This page provides solutions for common Arctic Wolf Risk Scan Engine (formerly Joval) issues.

Unexpected scan results

Possible cause:

Resolution: Based on the unexpected result, do one of these actions:

Host Unreachable Error on Windows targets

Possible cause: For remote connectivity to Windows devices, the Windows Remote Management Framework (WinRM) version 2.0 or higher is required.

Resolution:

Host Unreachable Error on VMware VI SDK Targets

Possible cause: The host configuration is incorrect.

Resolution:

Host Unreachable Error on PAN-OS Targets

Possible cause: The PAN-OS device doesn’t have an IP address configured.

Resolution:

  1. Connect to the console port.

  2. Run this command to determine if the PAN-OS device has an IP address:

    show interface management

    An example of a successful output:

    -------------------------------------------------------------------------------
    Name: Management Interface
    Link status:
    Runtime link speed/duplex/state: 1000/full/up
    Configured link speed/duplex/state: auto/auto/auto 
    MAC address:
    Port MAC address <mac_address> 
    
    Ip address: <ip_address>
    Netmask: <netmask>
    Default gateway: <gateway>
    Ipv6 address: unknown
    Ipv6 link local address: unknown
    Ipv6 default gateway: unknown 
    -------------------------------------------------------------------------------
    
  3. If the device does not have an IP address, configure the IP address settings:

    1. Run this command to begin the configuration:
      configure
    2. Run this command to set an IP address:
      set deviceconfig system ip-address <ip_address>
    3. Run this command to set a default gateway:
      set deviceconfig system default-gateway <gateway>
    4. Run this command to set a netmask:
      set deviceconfig system netmask <netmask>
    5. Run this command to commit your changes:
      commit
    6. Wait a few minutes, and then run this command to test the new IP address settings:
      show interface management
  4. If the IP address settings are configured correctly, run this command to determine if your machine can access the host IP address:

    curl -k https://<ip_address>:<port_number>/api/\?type=keygen

    Example of expected output:

    <response status = 'error' code = '400'><result><msg>Missing value for parameter &quot;user&quot;.</msg></result></response>
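
The two checks in this procedure (steps 2 and 4), written as shell functions that work on captured output. This is an added example, not Arctic Wolf or Palo Alto Networks code; the function names, the status labels, the treatment of `unknown` as "not configured", and the sample data are assumptions.

```shell
#!/bin/sh
# Added example. Function names and sample data are assumptions, not vendor code.

# Step 2: print the management IPv4 address from `show interface management`
# output on stdin. Returns 1 if the field is missing, empty, or "unknown"
# (assumption: unset fields read "unknown", as the Ipv6 lines on this page do).
mgmt_ip() {
    ip=$(sed -n 's/^[[:space:]]*Ip address:[[:space:]]*//p' | head -n 1 | tr -d '[:space:]')
    case "$ip" in
        ''|unknown) return 1 ;;
    esac
    printf '%s\n' "$ip"
}

# Step 4: classify the keygen probe from curl's exit status and response body.
#   reachable   - the expected 400 "Missing value for parameter" reply
#   api-other   - a <response> element, but with different content
#   unexpected  - something answered, but not with an API response
#   unreachable - curl failed before any HTTP response arrived
classify_keygen() {
    if [ "$1" -ne 0 ]; then echo unreachable; return 0; fi
    case "$2" in
        *"<response status"*"code = '400'"*"Missing value for parameter"*) echo reachable ;;
        *"<response status"*) echo api-other ;;
        *) echo unexpected ;;
    esac
}

# Live wrapper: probe_panos <ip_address> <port_number>
# -k (as on this page) skips certificate validation; no credentials are sent.
probe_panos() {
    rc=0
    body=$(curl -k -s --connect-timeout 5 "https://$1:$2/api/?type=keygen") || rc=$?
    classify_keygen "$rc" "$body"
}

# Constructed sample inputs (192.0.2.10 is a documentation address).
SAMPLE_CONFIGURED='Name: Management Interface
Ip address: 192.0.2.10
Netmask: 255.255.255.0
Ipv6 address: unknown'
SAMPLE_UNCONFIGURED='Name: Management Interface
Ip address: unknown
Ipv6 address: unknown'
SAMPLE_REPLY="<response status = 'error' code = '400'><result><msg>Missing value for parameter &quot;user&quot;.</msg></result></response>"
```

An `unexpected` result usually means a proxy or a different service answered on that address and port, which is worth ruling out before changing the device configuration.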
    

Host Unreachable Error on other non-Windows targets

Possible cause: For remote connectivity to Unix, Cisco, and Juniper devices, Risk Scan Engine requires access to SSH.

Resolution: Make sure that the target device permits incoming SSH connections.

Unable to sign in to a Windows device using Risk Scan Engine

Possible cause:

Resolution:

  1. Run this command to view permitted authentication methods on the target:
    winrm get winrm/config/Client/Auth
  2. To enable local account logins in this situation, create the LocalAccountTokenFilterPolicy registry value:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    Value Name: LocalAccountTokenFilterPolicy
    Type: DWORD
    Value: 1
    Setting this value to 1 disables the UAC remote restrictions for local accounts on the target. See Description of User Account Control and remote restrictions in Windows Vista for more information.

Create a ticket for Risk Scan Engine support

You can create a ticket for the support team and attach any relevant support files. See Create a Risk Scan Engine debug package for more information.

  1. In the Customer Support Portal, click Submit New Request, and then configure these settings:
    • Email — (Optional) Enter an email address to receive a copy of the ticket.
    • Subject — Enter a short summary of your concern.
    • Description — Describe your concern.
    • Attachments — Add the debug package and any other supporting materials.
  2. Click Submit.

Create a Risk Scan Engine debug package

A Risk Scan Engine debug package contains low-level application logs designed to help the support team quickly and accurately diagnose an issue. If you are experiencing an issue, use Joval Utilities to create a debug package using one of these methods:

Create a debug package using Joval Utilities in Scan Mode

  1. In the configuration file, remove the semicolons before [Debug] and export.dir near the end of the file to uncomment the debug section.

    For example:

    ;
    ; Uncomment this section to create a debug package for Joval Support.
    ;
    [Debug]
    export.dir: /path/to/dir/for/debug/zips
  2. If your scan includes multiple targets, keep only the ones exhibiting the issue. Remove the rest.

  3. Rerun your scan.

  4. When the scan is complete, navigate to the directory specified in export.dir to access the debug package zip file.

Create a debug package using Joval Utilities in Xpert Mode

Create a debug package using the Joval SDK
