Vulnerability Monitor plays a vital part in monitoring your assets for potential holes that hackers may exploit.
This feature scans the open ports of your Internet-facing assets in order to find outdated software that may be in use. Once we find what software is in use, we check to see if they are known to contain vulnerabilities. These vulnerabilities can allow hackers to install malicious software or steal your sensitive data.
Vulnerability Monitor provides a score and severity barometer for each vulnerability found based on the industry standard CVSS scoring system. Vulnerability scans are run automatically when you add an asset the first time and monthly thereafter.
Below you will find a guide showing you how to use Vulnerability Monitor.
On your Dashboard choose the Vulnerability Monitor from the navigation menu on the left-hand-side of the screen.
On the following screen, you will be able to see all the assets monitored by Vulnerability Monitor.
Next to each asset there are counters of Critical/High/Medium/Low risk vulnerabilities found for this particular asset, the date of Last Scan performed by our application and the Status showing you either a green tick indicating that there are no vulnerabilities found or a red exclamation mark meaning that threats have been found and they need to be reviewed. Next to all that information you can find the “More Info” button that leads to more detailed information about each vulnerability.
On the next screen you can find detailed information about each vulnerability for this particular asset.
Each row contains:
- Vulnerability ID (name/year discovered/count of vulnerability in this specific year)
- Severity:
- Critical – score between 9-10
- High – score between 7-9
- Medium – score between 4-7
- Low – score between 1-3
- Service affected by this vulnerability
- Number of the Port from which we were able to discover the vulnerability
- Score 1-10 (indicating the severity of the issue)
- Found – date when vulnerability has been discovered by us
- Action – you can choose between Risk Accepted (or after reviewing the details and acknowledging the vulnerability it will automatically change to this) or False Positive if you know this vulnerability does not affect your systems for some other reason
8. Status – Active - when you have not reviewed it yet or marked as False Positive/Reviewed when you tick in the Risk Accepted status
Next to all that information you can find the “view” button.
This will trigger a window with information about the vulnerability and all references to websites that contain more info/examples of this vulnerability.