Versions Compared

Old Version 141

changes.mady.by.user Catie G.

Saved on

compared with

New Version 142

changes.mady.by.user Catie G.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Version published after converting to the new editor

Product Overview

...

The Vulnerability Scanning service provides for continuous vulnerability scanning. For Virtual Machines, the service is facilitated by a vulnerability scanning agent that is deployed with the Armor Agent (the "Scan Agent"). For container images, the service is facilitated by a container sensor deployed to a container host (the "Sensor").

...

Armor's vulnerability scanning service puts our customers in control of their network. Keeping them ahead of the next threat through increased visibility, preparedness, and protection. Armor's service scans internal and external networks for technical vulnerabilities, patching, and compliance issues—providing clients with the ability to mitigate risk and ensure compliance.

Note

To fully use this screen, you must add the following permissions to your account:

  • View Vulnerability Scans
  • Write New Vulnerability Report
  • View Vulnerability Exclusions
  • Write Vulnerability Exclusions

...

Users can manually refresh the table data using the refresh data link at the top of the table, but the data displayed will only reflect the state of the environment at the time of the last interval scan. For example, if your next scheduled scan occurs at 4pm, refreshing the data will show the state of your environment at noon and not reflect any patching you did at 3:30pm.

This screen also displays severity levels for each detected vulnerability, along with the quantity of vulnerabilities detected for each severity level. A severity is assigned to a vulnerability based on the Common Vulnerability Scoring System (CVSS). CVSS is the accepted system to rate the severity status of a vulnerability. Armor uses NVD CVSS v3.0 to score vulnerabilities. To learn more, please see the National Vulnerability Database website.

You can use this information to prioritize how to troubleshoot these vulnerabilities, as well as understand how these vulnerabilities can affect your environment.

...

ColumnDescription
Vulnerability NameThis column displays the name of the vulnerability scan report.
Affected AssetsThis column displays the number of assets affected by the vulnerability, regardless of asset type (virtual machines and/or container images).
Excluded AssetsThis column displays the number of assets excluded from the scan for the vulnerability.
CVSS Score

This columns displays the Common Vulnerability Scoring System (CVSS) score assigned to the vulnerability.

The breakdown of CVSS Scores aligns with the Severity types.

Severity

This column displays the severity level of the vulnerability.

There are four severity types, based on the vulnerability's CVSS:

  • Critical vulnerabilities receive a score of 10.
  • High vulnerabilities receive a score of 7-10.
  • Medium vulnerabilities receive a score of 4-7.

  • Low vulnerabilities receive a score of 0-4.

    Note

    There is an additional severity type calledInfo. AlthoughInfois listed as a severity type, in reality,Infosimplydisplays activity information for corresponding plugins from third-party vendors.


Known Exploits

This column indicates if there are any known exploits for the vulnerability.

  • Yes indicates that a known exploit exists for the vulnerability.
  • No indicates that there are no known exploits.


Clicking a Vulnerability Name will take the user to the detail screen for that vulnerability. The vulnerability detail screen includes a synopsis of the vulnerability, a table of affected assets, and the remediation guidance for the vulnerability.

...

ColumnDescription
Vulnerability This column displays the name of the vulnerability excluded.
Excluded AssetsThis column displays the number of assets excluded from the vulnerability, regardless of asset type (virtual machines and/or container images).
ReasonThis column displays the risk reason selected in the Exclude Assets form.
CVSS Score

This columns displays the Common Vulnerability Scoring System (CVSS) score assigned to the vulnerability.

The breakdown of CVSS Scores aligns with the Severity types.

Severity

This column displays the severity level of the vulnerability.

There are four severity types, based on the vulnerability's CVSS:

  • Critical vulnerabilities receive a score of 10.
  • High vulnerabilities receive a score of 7-10.
  • Medium vulnerabilities receive a score of 4-7.

  • Low vulnerabilities receive a score of 0-4.

    Note

    There is an additional severity type calledInfo. AlthoughInfois listed as a severity type, in reality,Infosimplydisplays activity information for corresponding plugins from third-party vendors.


Known Exploits

This column indicates if there are any known exploits for the vulnerability.

  • Yes indicates that a known exploit exists for the vulnerability.
  • No indicates that there are no known exploits.

Users can filter the table by any of the columns listed above.

...

COLUMN NAMEDESCRIPTION
Vulnerability Name

This column displays the name of the vulnerability.
You can click theVulnerability Nameto learn more about the vulnerability. You will be taken to a detailed page where you can review a description of the vulnerability, along with the solution. To learn how to troubleshoot, seeTroubleshoot a vulnerability.

Affected Assests

This column displays the virtual machines (host) affected by the vulnerability.

If you are unfamiliar with the name of a virtual machine, you can use theVirtual Machinesscreen to search.

  1. Copy the desired virtual machine name (host name or CoreInstance ID).
  2. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  3. Click Virtual Machines.
  4. In the search field, paste the virtual machine name (host name or CoreInstance ID), and then click the magnifying glass icon.
CategoryThis column displays the category(s) associated with the vulnerability. For a complete list of vulnerability categories and QIDs, please see this documentation.
Known Exploits

This column indicates if there are any known exploits for the vulnerability.

  • Yesindicates that a known exploit exists for the vulnerability.
  • Noindicates that there are no known exploits.
Severity

This column displays the severity of the vulnerability.

There are four severity types, based on the vulnerability's CVSS:

  • Critical vulnerabilities receive a score of 10.
  • High vulnerabilities receive a score of 7-10.
  • Mediumvulnerabilities receive a score of 4-7.
  • Low vulnerabilities receive a score of 0-4.

There is an additional severity type calledInfo. AlthoughInfois listed as a severity type, in reality,Infosimplydisplays activity information for corresponding plugins from third-party vendors.

...

Filter By Virtual Machines

...

You will only see vulnerabilities for your active virtual machines.

When you filter the tableBy VM(virtual machines / host) you will see:

...

An example of Vulnerability logs can be seen below:


For a full list of Log Search fields and descriptions, please visit our glossaryhere.


Info

Anchor
Troubleshoot a vulnerability
Troubleshoot a vulnerability
Troubleshooting

Each listed vulnerability contains information on how to troubleshoot the vulnerability, typically by downloading a patch from an external source.

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security.
  2. Click Vulnerability Scanning.
  3. Select a vulnerability scanning report.
  4. In the next screen, select By Vulnerabilities.
  5. Select a vulnerability. You will be taken to a description page where you can review a description of the vulnerability, including the solution.
  6. Under See Also, click the link to access external information and to download a patch.
Note

To return to the previous screen and view additional vulnerabilities for the current report, click the name of the current report in the top menu.


...

Info

Troubleshooting

If you do not see any data in theVulnerability Scanningscreen, consider that:

  • The scanning is not complete.
    • The scan takes place every Sunday at approximately 10:00 PM, local server time.

  • Your firewall rules have not been updated to support this feature. This applies onto for the Scan Agent and not Container Images

    INBOUND / OUTBOUNDSERVICE / PURPOSEPORTDESTINATION
    Outbound

    Vulnerability Scanning

    		*443/tcp64.39.96.0/20

    * The agent will perform a lookup to the applicable DNS entry, which may resolve to one of multiple Amazon Web Services based subnets. As a result, if your firewall does not support outbound filtering by domain name, then you may need to open all outbound traffic to 443/tcp to accommodate this service.

  • You do not have permission to view this screen.
    • You must have theView Vulnerability Scanspermission enabled. Contact your account administrator to enable this permission. To learn how to update your permissions, see Roles and Permissions.

If a virtual machine is incorrectly labeled asoffline in a report, then contact Armor Support to run the Armor Toolbox.

...