Introduction to AppScan Enterprise

IBM® Security AppScan® Enterprise provides centralized control with new advanced application scanning, remediation capabilities, enterprise application security status metrics, key regulatory compliance reporting, and seamless integration with AppScan Standard. It also provides User Administration capabilities for AppScan Source. AppScan Enterprise gives security teams the application security intelligence needed to make informed risk-based decisions, including the capability to build a consolidated inventory of all application assets. Assets can be described in terms of a list of attributes that are meaningful to the organization. Security specialists can query the portfolio to identify types of applications that match certain characteristics.

AppScan Enterprise provides:

This diagram depicts the AppScan Enterprise ecosystem, including integrations.

AppScan Enterprise ecosystem

The SQL Server Database

The SQL Server database is the central repository for information gathered during a job (statistics, scan logs, and polling for activity events), and it is the means of communication between the Enterprise Console and the testing agents on the Dynamic Analysis Scanner. Regardless of whether you install the Server or the Scanner, you create a database on a SQL Server that you have installed in your environment. Configure the database first so that the key information that AppScan Enterprise Server requires during configuration is ready and available. The database contains the following data:

AppScan Enterprise Server

This component comprises:

Dynamic Analysis Scanner

A local database file is created at the beginning of each scan. Having a local database improves performance and scalability because it reduces the resource load on the central SQL Server database. The local database holds the information for each job that the Scanner runs and sends the data to the main SQL Server database when the scan is completed.

The Scanner comprises two services:
  • Agent service and agents: The agent service monitors the SQL Server database for jobs to perform. An agent is a Windows process that is created by an agent service when there is a job to be performed. While a scan job is in progress, the agent records the scan information in the database. If alerts have been configured, the alerting service informs the relevant users when specific events occur during the job.
    1. Content and infrastructure agents can perform only one job at a time; however, a single Scanner can run more than one agent simultaneously. More than one job of the same type can be executed simultaneously on a given computer, with each job being run in its own agent process.
    2. The number of jobs running can exceed the maximum number of agents assigned to the Scanner because the number of jobs running includes jobs that are now in postprocessing or report generation. These jobs are no longer using an agent on the Scanner.
    3. If the number of jobs suspended by a blackout period exceeds the number of available agents on the Scanner, the job suspended by the blackout period is given priority when it is time to run the next job.
  • Alerting service: The alerting service is responsible for sending alerts to the appropriate notification devices. Although you can have as many agents and agent services as you need, only one alerting service can be installed for each database.