Migrating Your Managed Risk Scanner Configuration
Overview of Managed Risk Scanner migration Direct link to this section
This guide provides an overview of how to migrate these scanner configurations from one scanner UUID to another, for example during an operating system upgrade:
-
Configuration settings, including:
- Enable OpenVAS scanning
- Enable Nmap scanning
- Ping-only mode configuration
- Denylist configuration
- DNS configuration
-
Preferences, including:
- Brute force scanning disablement
- CGI scanning disablement
-
Schedules, including configured times for scans to run
-
Credentials for credentialed scanning
Note: Due to end-to-end encryption, you must manually migrate any credentialed scanning configurations.
Before you start the migration Direct link to this section
Before you migrate scanner configurations, you must:
- Follow the instructions for the physical scanner that Arctic Wolf sent to you or the instructions for your preferred virtual deployment option. See the Managed Risk Scanner Installation and Conriguration Guide.
- AllowList all IP address ranges, as described in the appropriate installation guide.
- On the Risk Dashboard, confirm that your new scanner is registered and can connect to Arctic Wolf. See Scanner Configuration in the Risk Dashboard User Guide for more information.
Note: If you are migrating a physical scanner, contact your Concierge Security Team® (CST) to replace the hardware.
Migration options Direct link to this section
There are two available options to do this migration, choose the option that best suits you.
-
Manually Migrating Managed Risk Scanner Configuration — If you have a small number of configurations to migrate.
-
Migrating Managed Risk Scanner Configuration Using a Script — If you have a large set of scan schedules wherein manual migration is not convenient.
Note: This script migrates scan endpoints, scan schedules, DNS entries, and DenyList configurations. However, this script does not migrate credentials for credentialed scans because they are end-to-end encrypted. To migrate credential scan configurations, you must instead add them as new credential scans.
Credentialed scanning migration Direct link to this section
If you have any credentialed scans that existed on your previous scanner, you must add them as new credentials in the Risk Dashboard.
See Credentialed Scanning in the Risk Dashboard User Guide for complete steps.
Contacting your CST Direct link to this section
After completing all migration steps, contact your Concierge Security® Team (CST) so that they can validate that all required configuration was successfully migrated to your new scanner.