Arctic Wolf Managed Risk Scanner Configuration Migration
Updated Jul 31, 2023
Migrate Managed Risk Scanner configurations
During an operating system upgrade, you can migrate these scanner configurations:
- Configuration settings, including:
  - Enable OpenVAS scanning
  - Enable Nmap scanning
  - Ping-only mode configuration
  - Denylist configuration
  - DNS configuration
- Preferences, including:
  - Brute force scanning disablement
  - CGI scanning disablement
- Schedules, including configured times for scans to run
- Credentials for credentialed scanning
Note: Due to end-to-end encryption, you must manually migrate any credentialed scanning configurations.
Before you begin
- Follow the instructions for the physical scanner that Arctic Wolf sent to you or the instructions for your preferred virtual deployment option. See the Managed Risk Scanner Installation and Configuration Guide.
- Allowlist all IP address ranges, as described in the appropriate installation guide.
- On the Risk Dashboard, confirm that your new scanner is registered and can connect to Arctic Wolf. See Scanner Configuration in the Risk Dashboard User Guide for more information.
Note: If you are migrating a physical scanner, contact your Concierge Security Team® (CST) to replace the hardware.
Migration options
There are two available options to do this migration. Choose the option that best suits you.
- Manually Migrate Your Managed Risk Scanner Configuration: if you have a small number of configurations to migrate.
- Migrate Managed Risk Scanner configuration using a script: if you have a large set of scan schedules and manual migration is not convenient.
Note: This script migrates scan endpoints, scan schedules, DNS entries, and denylist configurations. However, this script does not migrate credentials for credentialed scans because they are end-to-end encrypted. To migrate credential scan configurations, you must instead add them as new credential scans.
Manually migrate your Managed Risk Scanner configuration
You can manually migrate all Managed Risk Scanner configurations, preferences, and scan schedules.
Before you begin
Before you begin the migration, we recommend taking one of these approaches so that you can easily set configurations, preferences, and schedules on the new scanner:
- Open two instances of the Risk Dashboard, one for the old scanner and one for the new scanner, which you can refer to as needed.
- Take screenshots of the old scanner configuration, troubleshooting settings, and scan schedules, which you can refer to as needed.
Note: If you are migrating a physical scanner, contact your Concierge Security Team® (CST) to replace the hardware.
Steps
Step 1: Migrate configuration settings and preferences
- In the Risk Dashboard, click Config > Scanner Config to open the Scanner Config page.
- In the Scanner ID field, confirm that the new scanner is selected.
- Under Scanner Configuration, adjust the scan configuration to match the old scanner:
  - Enable or disable Host Identification Scans using the toggle.
  - Enable or disable Vulnerability Scanning using the toggle.
  - In the DenyList IP/Networks field, add IP addresses or networks.
  - In the Host Collection DNS Servers field, enter the DNS server address.
- Click Troubleshooting Settings to open the Troubleshooting settings dialog, and adjust these settings to match the old scanner:
  - Enable or disable Brute force checks using the toggle.
  - Enable or disable CGI scanning using the toggle.
  - Enable or disable Only ping the target using the toggle.
Step 2: Migrate scan schedules
To migrate scanner schedules to the new scanner:
- For each scan schedule that you need to migrate:
  - Under Scanning Schedule, click Add a new scan schedule to open the Configure Scanning Scheduler dialog, and enter all scan schedule details.
    Tip: See Add a new scan schedule in the Risk Dashboard User Guide for complete steps.
  - Click Configure to save the schedule for the new scanner.
- Remove the schedule from the old scanner:
  - In the Scanner Configuration section, click the magnifying glass to select your old scanner UUID from the list.
  - Click the trash can beside existing scan schedules that you migrated to the new scanner. This prevents both scanners from scanning the same networks and reporting the same risks multiple times.
Next steps
- See Migrate credentialed scan configurations for more information.
Migrate Managed Risk Scanner configuration using a script
You can use a migration script to migrate all Managed Risk Scanner configurations, preferences, and scan schedules.
Requirements
Before you run any migration commands, confirm that you have installed and configured the following:
- The latest Linux distribution
- curl
- jq
- tar
Steps
- Download the tar file from the link that your Concierge Security® Team (CST) provided.
- Run this command to extract the contents of the .tar file:
  tar -xvf migrate_config.tar
- Run this command to change to the extracted directory:
  cd migrate_config/
- Run this command to make the script executable:
  sudo chmod +x migrateScannerConfig.sh
- Run this command to run the migration script:
  ./migrateScannerConfig.sh
- When prompted, enter the old scanner UUID as the source scanner UUID.
- When prompted, enter the new scanner UUID as the destination scanner UUID.
If the script succeeds, a message similar to this appears: Configuration, preferences and schedules have been successfully migrated
Note: If there is an error or issue, contact your CST and include the red status messages that explain the failure. Do not proceed with the migration.
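Pre-flight checks you can run before extracting the archive and starting the script, as an added example that is not part of Arctic Wolf's script or documentation. The helper names are hypothetical and the 8-4-4-4-12 hexadecimal UUID format is an assumption; `migrate_config.tar` and the tool list come from the steps above.

```shell
#!/bin/sh
# Added pre-flight checks; helper names are hypothetical, not part of the vendor script.

# Print each required tool that is not on PATH (defaults to the page's list).
missing_tools() {
    [ "$#" -gt 0 ] || set -- curl jq tar
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Succeed only for the canonical 8-4-4-4-12 hex form (assumed UUID format).
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Source and destination must both be well formed and must differ (case-insensitive).
uuids_ok() {
    is_uuid "$1" && is_uuid "$2" || return 1
    src=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    dst=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$src" != "$dst" ]
}

# Read an archive listing on stdin; print entries that would land outside the extraction directory.
unsafe_entries() {
    while IFS= read -r entry; do
        case "$entry" in
            /*|../*|*/../*|*/..|..) printf '%s\n' "$entry" ;;
        esac
    done
}

# Run every check; return non-zero with a reason if any fails.
preflight() {  # usage: preflight ARCHIVE SRC_UUID DST_UUID
    missing=$(missing_tools)
    [ -z "$missing" ] || { echo "missing tools: $missing" >&2; return 1; }
    uuids_ok "$2" "$3" || { echo "UUIDs malformed or identical" >&2; return 1; }
    listing=$(tar -tf "$1") || { echo "cannot read archive: $1" >&2; return 1; }
    bad=$(printf '%s\n' "$listing" | unsafe_entries)
    [ -z "$bad" ] || { echo "unsafe archive entries: $bad" >&2; return 1; }
}

# Example: preflight migrate_config.tar "$OLD_UUID" "$NEW_UUID" && tar -xvf migrate_config.tar
```

Swapping or repeating the two UUIDs is the easiest mistake to make at the prompts, so compare both values against the Risk Dashboard before you enter them.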
Next steps
- See Migrate credentialed scan configurations for more information.
Migrate credentialed scan configurations
If you have any credentialed scans that existed on your previous scanner, you must add them as new credentials in the Risk Dashboard.
See Add new scan credentials in the Risk Dashboard User Guide for complete steps.
Contact your CST
After completing all migration steps, contact your Concierge Security® Team (CST) so that they can validate that all required configuration was successfully migrated to your new scanner.