This window lets you view and configure the assessment configurations that define the assessment requirements for end-systems. Assessment configurations define the following information:
- How to score assessment results (determined by the selected Risk Level and Scoring Override configurations).
- What assessment tests to run (determined by the selected test sets).
Once you have defined your assessment configurations, they are available for selection when creating your NAC configurations.
To access this window, select Tools > Management and Configuration > Assessment Settings from the menu bar to open the Manage Assessment Settings window. Select the Assessment Configurations tab. In the tab you can select an existing configuration and click Edit to open the Edit Assessment Configuration window, or you can click Add to add a new assessment configuration, and then open the Edit Assessment Configuration window.
Click areas in the window for more information.
- Scoring Override Configuration
- Use the drop-down list to select the scoring override configuration for this assessment
configuration. Scoring overrides let you override the
scoring mode and test result scores for a particular assessment test.
The default scoring override configuration provided by NAC Manager specifies no
overrides, but can be edited to contain overrides, if desired.
Use the configuration menu button to:
- Edit — Edit the currently selected scoring override configuration.
- Add — Add a new scoring override configuration.
- Create Copy — Create a copy of the currently selected scoring override configuration.
- Used By — Lists all assessment configurations currently using the selected scoring override configuration.
- Manage — Opens the Manage Scoring Override Configurations window where you can view details about all your scoring override configurations, and add, edit, or delete one or more of the configurations.
- Risk Level Configuration
- Use the drop-down list to select the risk level configuration for this assessment
configuration. The risk level configuration determines what risk level
is assigned to an end-system (high, medium, or low) based on the
end-system's health result details score.
Use the configuration menu button to:
- Edit — Edit the currently selected risk level configuration.
- Add — Add a new risk level configuration.
- Create Copy — Create a copy of the currently selected risk level configuration.
- Used By — Lists all assessment configurations currently using the selected risk level configuration.
- Manage — Opens the Manage Risk Level Configurations window where you can view details about all your risk level configurations, and add, edit, or delete one or more of the configurations.
- Advanced Button
- Use the Advanced button to access the
Advanced Assessment Configuration
window where you can enable assessment warning periods. Warning periods
let you specify a grace period and probation period used
for assessment warnings.
- Grace Period — specify the number of days the end user has to resolve the warning issues before the end-system is quarantined.
- Probation Period — The number of days after an end user is quarantined that additional warnings result in immediate quarantine. This allows administrators to block repeat offenders by limiting their access to the network. Once the probation period has passed, the end user can again receive assessment warnings. Setting the probation period to 0 is the same as having no probation period.
- Test Sets
- Select one or more test sets to run for this assessment
configuration. Test sets define which type of assessment to launch
against the end-system, what parameters to pass to the assessment
server, and what assessment server resources to use.
If you select multiple agent-based test sets, the first test set you select is called the Master test set. A Master test set includes the Agent Configuration settings, the Advanced Settings, and all the specified test cases. Each subsequent agent-based test set you select for the configuration is a "supporting" test set. For supporting test sets, only the "Application" test cases are used; all other configuration values are ignored. In the list of Test Sets, Master test sets have a "(Master)" designation after them.
For example, you might want to use multiple agent-based test sets if you are managing multiple networks, and you have a unique agent-based test set for each network as well as secondary test sets for specific application tests that all the networks would use. In the assessment configuration for each network, you would select the unique test set as the Master test set and then select any number of secondary test sets to be included in the configuration as well.
If the Master test set is deselected, then a new master is automatically selected. If this is not the specific test set that you would like to have as Master, then you must deselect all test sets, select the desire Master test set first, and then select the additional supporting test sets.
Use the configuration menu button to:
- Add — Add a new test set:
- Edit — Edit the currently selected test set.
- Create Copy — Create a copy of the currently selected test set.
- Used By — List all assessment configurations currently using the selected test set.
- Manage Test Sets — Opens the Manage Test Sets window where you can view details about all your test sets, and add, edit, or delete one or more of the test sets.
- Delete — Deletes the currently selected test set.
- Manage Assessment Server Pools — Opens the Manage Assessment Server Pools window where you can view and define the assessment server pools to be used by the test sets.
- Manage Assessment Servers — Opens the Manage Assessment Servers window where you can view and configure the Assessment servers that perform the end-system assessments in your network.
For information on related windows: