Create a Workload Hardening Scan

Now that you have your Workload Hardening policy, use it to create an On-Demand Scan. 

1. Choose Policy > On-Demand Scan.
2. Click Actions > Create a Scan.
3. The Scan Creation Wizard is displayed. On the General Info page enter the following:
   • Scan Type. Select Workload Hardening.
   • Name. Enter a unique identifier so that you can rerun the scan later.
   • Description. Enter an optional description for the scan. 
   • Service Instance. Select the cloud service instance you want to scan.
     
4. Click Next. 
5. The Select Policies page displays the active Workload Hardening policies. Select the policies you want to use, and click Next.
   
6. On the Configure Scan page, select the default VM Instances. 
   
7. Accounts:
   • All Accounts. Scan all accounts. 
   • Include Specific Accounts. To include only specific accounts, click Edit and select the applicable Account checkbox. 
   • Exclude Specific Accounts. To exclude only specific accounts, click Edit and select the applicable Account checkbox.
8. Tags. Select any tags you want to use to select resources for your rule, and enter the key-value pair. 
9. Click Next. 
10. On the Schedule Scan page, select the schedule to run your scan and click Next:
    • None (On-Demand Only). Run the scan once now.
    • Daily. Run the scan once a day. Configure the time and time zone. 
    • Weekly. Run the scan once a week. Configure the day, time, and time zone.
      
11. On the Review and Activate page, review your settings for the On-Demand Scan, and click Save. Click Back to make changes. 
    

When a scan is complete, you can view the results or return to scan on the Policy > On-Demand Scan page.

You can view policy incident violations on the Policy > Policy Incidents page. Filter for Incident Type > Workload Hardening.