Now that you have your Workload Hardening policy, use it to create an On-Demand Scan.
To configure a Workload Hardening Scan:
- Choose Policy > On-Demand Scan.
- Click Actions > Create a Scan.
- The Scan Creation Wizard is displayed. On the General Info page enter the following:
- Scan Type. Select Workload Hardening.
- Name. Enter a unique identifier so that you can rerun the scan later.
- Description. Enter an optional description for the scan.
- Service Instance. Select the cloud service instance you want to scan.
- Click Next.
- The Select Policies page displays the active Workload Hardening policies. Select the policies you want to use, and click Next.
- On the Configure Scan page, select the default VM Instances.
- All Accounts. Scan all accounts.
- Include Specific Accounts. To include only specific accounts, click Edit and select the applicable Account checkbox.
- Exclude Specific Accounts. To exclude only specific accounts, click Edit and select the applicable Account checkbox.
- Tags. Select any tags you want to use to select resources for your rule, and enter the key-value pair.
- Click Next.
- On the Schedule Scan page, select the schedule to run your scan and click Next:
- None (On-Demand Only). Run the scan once now.
- Daily. Run the scan once a day. Configure the time and time zone.
- Weekly. Run the scan once a week. Configure the day, time, and time zone.
- On the Review and Activate page, review your settings for the On-Demand Scan, and click Save. Click Back to make changes.
When a scan is complete, you can view the results or return to scan on the Policy > On-Demand Scan page.
You can view policy incident violations on the Policy > Policy Incidents page. Filter for Incident Type > Workload Hardening.