Scanning and Remediation Templates
    • Dark
      Light
    • PDF

    Scanning and Remediation Templates

    • Dark
      Light
    • PDF

    Article Summary

    A Template scans devices for security issues and can initiate automatic remediation actions to resolve the issues. You can customize:

    • Which devices to scan.
    • Which issues to search for.
    • Which issues to automatically remediate.
    • When devices are scanned and when issues are remediated.

    You can create multiple Templates for different purposes. For example:

    • Perform a weekly scan of all devices for a general set of security issues.
    • Perform a daily scan of devices in the IT department for a specific set of critical security issues and remediate them immediately if detected.

    Note that Templates act independently from each other. If you target the same device with multiple Templates, the device will be scanned for the sum of all issues configured across each Template.

    Create and manage Templates

    To view your Templates and to create new ones, go to the Templates section at the top of the page.

    Templates page main.png

    To create a Template, click Create Template and follow the steps in the Template configuration wizard. Details for all of the configuration options are described below in this article.

    Tip

    Instead of creating a Template from scratch, you can create a duplicate of an existing Template.
    Create duplicate template.png

    You can disable or enable a Template by cliking on the three dots menu. A disabled Template will not run any scan or action on your devices. The Status column shows the current state of each Template.

    Targeted devices

    A Template scans and remediates issues only on targeted devices. You can target devices by:

    Assigned devices.png

    Scanning scope

    A Template only scans for issues that are within its Scanning Scope. When creating a Template, you can browse the available issues that Secure DX can detect and select which ones to add to the scanning scope from the following categories:

    • Misconfig - Operating system settings that don't meet security recommendations and best practices.

    • Compliance - Checks if antivirus and other security control software is installed and working properly to protect your devices. Note that some security checks simulate real threats such as a malware download and might cause excessive alerting in other security software. It is important that you inform your security team before performing these security checks. Learn more about security checks.
      security check warning.png

    • Vulnerabilities - Common Vulnerabilities and Exposures (CVEs).

    • Patches - Applications or operating systems that need to be patched.

    The available issues are sourced from multiple public and private databases such as Mitre and NVD. ControlUp syncs with these databases multiple times per day so your organization can stay protected against the latest security risks.

    Select Scanning Scope.png

    Automatic remediation

    Optionally, enable Auto Remediation and select which issues the Template automatically remediates when detected. Only issues with an available remediation are able to be selected.

    Remediation availability

    Secure DX isn't able to remediate every security issue that it can detect. For example, some issues must be remediated by properly configuring your antivirus software.

    When viewing detected issues on the Issues page, the Remediation Status shows whether a remediation is available from Secure DX.

    If you disable Auto Remediation you can manually initiate the remediation later.

    Scanning and remediation schedule

    Note

    This section describes schedules. Learn more about how scheduling works in Secure DX.

    You can set when a Template scans devices and when it remediates issues independently.

    The Scanning Schedule determines when the Template scans for issues on the targeted devices.
    Scanning schedule.png

    The Remediation Schedule determines when the Template automatically remediates detected issues.

    • If remediation schedule is set to Immediately, then the Template remediates an issue as soon as it is detected on a device.
    • If remediation schedule is set to Scheduled, then the Template remediates issues at a scheduled time after the issue was detected. You can set a different schedule for each issue category. For exmaple, you might want to remediate misconfiguration soon after the scan is performed, but wait until after business hours to patch applications.

    Auto restart devices if requried

    A Template can automatically restart a device if a remediation requires a restart to complete. If a restart is required, you can choose to:

    • Notify the user that a restart is required.
    • Notify the user that a restart is required and force the device to restart after a specified number of user notifications.
    • Restart the device without notifying the user.

    auto restart notification.png

    Send a custom message

    A Template can a custom message to devices according to a schedule. For example, you might want to notify users that their device is about to be scanned for security issues.

    To send a user message, enable User Message and enter a message and schedule. Learn how to define a schedule.


    Was this article helpful?

    What's Next