Benefits | IBM Partner Pavilion 2.3 guide

Viewing vulnerabilities by detail in Enterprise Scanner

Use this view to examine event details that might be related to an attack or that you consider unusual.

Benefits

You analyze event data to evaluate the effectiveness of your system’s security and to investigate any suspicious activity. You can analyze event data in several ways:

vExamine events affecting specific agents, hosts, and groups.

vReview high-level results and trends for groups or Sites. This method is particularly useful for printing or distributing reports about network and host security status.

Field descriptions

The following table describes the fields and descriptions for this vulnerability view:

Table 27. Vulnerability view by detail

Field	Description

Tag Name	Use this filter to display or suppress events
	that match one or more tag names. You can
	filter on tag names from the Site database or
	on user-defined tag names.

Severity	Use this filter to display events according to
	their level of severity.

Status	You use the Status filter differently for
	events and vulnerabilities.
	v Events: The Status column indicates the
	impact of the event.
	v Vulnerabilities: The Status column
	indicates whether the vulnerability was
	found.
	Use this filter to show only the statuses that
	interest you.

Target IP	Use this filter to monitor a specific IP
	address that you suspect is the target of
	attacks. The IP address can be either internal
	or external. This information is typically
	modified for you as you explore event data.
	v If you do not know the exact IP address,
	use the options in the Operation list to
	request IP addresses when you do not the
	exact one to request.
	v If you only know the IP address you do
	not want to see, you can exclude one or
	more IP addresses.

Agent DNS Name	Use this filter to display or suppress events
	that match the Domain Name Service (DNS)
	name of a host computer where a agent is
	installed.

Chapter 8. Interpreting scan results in SiteProtector 111

Image 119

IBM Partner Pavilion 2.3 manual Viewing vulnerabilities by detail in Enterprise Scanner, Benefits

Contents

User Guide Version Copyright statement Trademarks and Disclaimer Iv Enterprise Scanner User Guide Contents Part 4. Appendixes 163 Part 3. Maintenance Topics About this bookAudience Technical support contacts Related publications Chapters Part 1. Scanning from the Proventia Manager Enterprise Scanner User Guide Ad hoc scanning in the Proventia Manager Section a Network configurationSection B Policy configuration About this task Section a Network configurationConfiguring the management network interface Procedure Maximum assets per assessment subtask Configuring the scanning network interfaceOption Description Interface Maximum IPs per discovery subtask Configuring scanning interface DNS settings Destination Network Configuring routes for perspectiveAssigning perspective to a scanning interface Option Description Perspective Option Metric Description Section B Policy configurationDefining assets for a discovery scan Before you begin Create groupings interactively Displaying assessment checks by groupsIf you want to Then Clear groupings Click Clear Groupings Displaying information about assessment checks Selecting assessment checks with filters Option Description Ports to scan with generic TCP checks Click the Common Settings tabOption Description Discover and report TCP services Discover and report UDP services Obtained information is older than DefaultOption Description Ports to scan with generic UDP checks Option Description Dynamically determine OS if previously Access level Option Description Verify account access level before usingLocal group membership to verify access Access domain controllers to verify access Maximum Allowable Lockout Duration Lockout Allowed is enabled. WhenOption Description Allowed account lockout Temporary lockout allowed Enterprise Defining assessment credentials for a policy Account Level Option Description Account Type SSH LocalAccount Type SSH Domain Domain/Host Defining the service names associated with TCP and UDP ports Excluded Hosts box Defining ports or assets to exclude from a scanIf you want to Then Exclude ports Exclude assets Scan policy Required Interpreting scan results in the Proventia Manager Running an ad hoc scan Action Icon Description Monitoring the status of a scan Click View/Manage Log Files Viewing the results of an ad hoc scanExporting scan results from Proventia Manager Field Description Purging scan data from the database Enterprise Scanner User Guide Part 2. Scanning from the SiteProtector Console Enterprise Scanner User Guide Enterprise Scanner policies General inheritance behavior Inheritance indicatorsInitially blank or unconfigured? Policy inheritance with Enterprise Scanner policies Enterprise Scanner policies About this task Select Network Enterprise Scanner from the Agent Type list Viewing asset or agent policies for Enterprise Scanner Important Do not click Open Policy inheritance with agent policies Contents of an agent policyAgent policies for Enterprise Scanner Agent policy descriptions for Enterprise Scanner Network Locations policy Assigning perspective to a scanning interface Configuring routes for perspective Click the Event Notification tab Event notification settings for Enterprise ScannerNotification policy Account Purpose Access policyConfiguring advanced parameters for event notification Click the Advanced Parameters tab Networking policy Configuring the management network interface Configuring the scanning network interface Configuring scanning interface DNS settings Services policy Network Time Protocol section Enable the network time protocol NTPTime policy If you want to Then Change the date and time for the agent Asset policy descriptions for Enterprise Scanner Update Settings policyAsset policies for Enterprise Scanner Scope Policy contentsDiscovery policy Before you begin Defining assets to discover Displaying information about assessment checks Assessment policy Displaying assessment checks by groups Selecting assessment checks with filters Configuring common assessment settings Information is older than Option Description Dynamically determine OS if SiteProtector Try to confirm the access level Option Description Allowed account lockout Defining assessment credentials for a policy Assessment Credentials policy Option Description Account Type Windows Scan Control policy Current cycle start date Option Description Job nameCycle start date Cycle duration Important consideration for multiple agents Scan Window policy Defining when scanning is allowed Defining ports or assets to exclude from a scan Scan Exclusion policy Policy inheritance Network Services policyDefault settings Service definition Configuring a Network Services policy Running an ad hoc discovery scan with Enterprise Scanner Configuration optionsAd Hoc Scan Control policy Running an ad hoc assessment scan with Enterprise Scanner Click Generate Support Data File Click the Debug Settings tab Understanding scanning processes in SiteProtector What is perspective? Perspectives in policies Policy How to use Applies toDefining perspectives Placing agents in the correct perspective Network locations and perspectives Term Description Scan jobs and related termsDefinitions Assets with unassigned criticality Common management tasks Types of tasksScheduled and running scans Importance of tasks and subtasks Scan type Number of tasks Priorities for running tasksTasks per type of scan Criticality and assessment tasks Type of scan Reason for prioritization Stages of a scanning processTask prioritization Dynamic prioritization Stage Description Process for a scanning cycle Assessment cycle duration Size of scan windowsCalibration considerations Discovery cycle duration Achieving the right balance Enterprise Scanner User Guide Background scanning in SiteProtector Determining when background scans run Type of scan Description How policies apply to ad hoc and background scansAsset policies and ad hoc scans Changing assessment and discovery policies Scan window and refresh cycle examples Scan Control policy Checklist for background assessment scanning Background scanning checklists for Enterprise ScannerChecklist for background discovery scanning Enabling background scanning Option Description Next cycle start date Defining when scanning is allowed Procedure Type a series of individual IP addresses, a Defining network services Defining assessment credentials for a policy Option Description Account Type SSH Local Monitoring scans in SiteProtector Viewing discovery job results Viewing your scan jobs On ScanGroupName for hosts with Viewing assessment job resultsAssessment subtask explanation This part of the description Describes Finished Assessment Enterprise Scanner User Guide Managing scans in SiteProtector Impact of restarting scan jobs Command ImpactStopping and restarting scan jobs Impact of stopping scan jobs Suspending and enabling all background scans Type of scan Steps to initiate Registration and authenticationMinimum scanning requirements Steps to initiate a scan Priority Troubleshooting scanning behaviors for ad hoc scansScanning behaviors for ad hoc scans Inheritance Expected scanning behaviors for background scans Managing scans in SiteProtector Enterprise Scanner User Guide Interpreting scan results in SiteProtector Certainty of Osid sources OS identification Osid certaintyWhat determines certainty? Sources of Osid Rules for updating Osid How Osid is updated in Enterprise ScannerConditions for reassessing Osid Exception Portal Description Setting up a Summary view for vulnerability managementSummary page for vulnerability management Vulnerability management options Portal Description Benefits Viewing vulnerabilities by asset in Enterprise ScannerAbout vulnerability assessment Creating custom views Field descriptions Field Description Viewing vulnerabilities by detail in Enterprise Scanner Field Description Viewing vulnerabilities by object in Enterprise Scanner Field Vulnerability view by vulnerability name Field Description Report Description Running reports in the SiteProtector ConsoleTypes of assessment reports Report descriptions Report Description Procedure Enterprise Scanner User Guide Logs and alerts Log size Log files and alert notificationTwo types of log files Two types of information System log descriptions System logs Statistic Description Getting log status informationEnterprise Scanner ES logs Log descriptions Changing logging detail Delete Downloading Enterprise Scanner ES log filesDownload Delete a log file Click View/Manage Log Files Icon Description Alerts logRisk level icons Event information icons File Description Downloading and saving an Alerts logClick Generate new log file from Alerts Click Clear current Alerts from event log Clearing the Alerts logFinding specific events in the Alerts log Enterprise Scanner User Guide Search by Alert Id# box If you want to Then Search the Alert log file by Alert IDNumber Enterprise Scanner User Guide Ticketing and remediation Custom categories Ticketing and Enterprise ScannerTickets Vulnerability auto ticketing Scanning recommendations Remediation process overview for Enterprise Scanner Task overview Remediation tasks for Enterprise Scanner Option Tab Description Task 6 Close the ticket Part 3. Maintenance Enterprise Scanner User Guide Performing routine maintenance Shutting down your Enterprise Scanner Removing an agent from SiteProtector Options for backing up Enterprise Scanner Types of backupsIf you restore a system before you make backups Date of last system backup Backing up configuration settings Click the Full Backup tab Choose an option Making full system backups Updating Enterprise Scanner Update location Description Types of updatesUpdate locations Type of update Content Updating options Update optionsInstallation options with scheduled updates Rollbacks and backups Authentication method Advantages and Disadvantages Configuring explicit-trust authentication with an XPU server Name Configuring an Alternate Update locationSelect the Use Alternate Update Server check box Option Description Host or IP CA Certificate Option Description Trust Level Select Enable Proxy Configuring an Http ProxyConfiguring notification options for XPUs Option Description Check for updates daily or weekly Scheduling a one-time firmware updateConfiguring automatic updates Click the Update Settings tab Delayed Option Description Check for updates at given intervalsOption Description Do Not Install Automatically Install Updates Manually installing updates Viewing the status of the Enterprise Scanner agent Model Proventia Manager HomeSystem status Network interface status Header Updates statusProtection status Viewing agent status Viewing agent status in the SiteProtector Console Viewing the status of the CAM modules Troubleshooting the Enterprise Scanner sensorModule or process Description Troubleshooting option Module or process Description Troubleshooting option Part 4. Appendixes Enterprise Scanner User Guide 165 Enterprise Scanner User Guide Product handling information World trade safety information Product safety labels Product recycling and disposal Laser safety informationLaser compliance Battery return program For the European Union For Taiwan Federal Communications Commission FCC Statement Electronic emissions noticesFor California EC Declaration of Conformity In German Canadian Department of Communications Compliance StatementEuropean Union EU Electromagnetic Compatibility Directive Japan Class a Compliance Statement People’s Republic of China Class a Compliance Statement Korean Class a Compliance Statement Enterprise Scanner User Guide 177 Index Reassessing 105 Rules Sources Scan job