Topics Discussed
...
AMP provides information related to vulnerability information and includes vulnerability reports on a weekly basis. Each report contains details on the vulnerabilities identified, including the name and description of each vulnerability, the assets that are affected by each vulnerability, the CVSS score for the vulnerability, and the criticality rating (i.e., Critical, High, Medium, Low, or Informational). Customer can review the results by each vulnerability on a virtual machine/container image basis and by the criticality rating of the identified vulnerabilities.
...
Armor's vulnerability scanning service puts our customers in control of their network. Keeping them ahead of the next threat through increased visibility, preparedness, and protection. Armor's service scans internal and external networks for technical vulnerabilities, patching, and compliance issues—providing clients with the ability to mitigate risk and ensure compliance.
Note |
---|
To fully use this screen, you must add the following permissions to your account:
|
...
Users can manually refresh the table data using the refresh data link at the top of the table, but the data displayed will only reflect the state of the environment at the time of the last interval scan. For example, if your next scheduled scan occurs at 4pm, refreshing the data will show the state of your environment at noon and not reflect any patching you did at 3:30pm.
This screen also displays severity levels for each detected vulnerability, along with the quantity of vulnerabilities detected for each severity level. A severity is assigned to a vulnerability based on the Common Vulnerability Scoring System (CVSS). CVSS is the accepted system to rate the severity status of a vulnerability. Armor uses NVD CVSS v3.0 to score vulnerabilities. To learn more, please see the National Vulnerability Database website.
You can use this information to prioritize how to troubleshoot these vulnerabilities, as well as understand how these vulnerabilities can affect your environment.
...
Column | Description | ||
---|---|---|---|
Vulnerability Name | This column displays the name of the vulnerability scan report. | ||
Affected Assets | This column displays the number of assets affected by the vulnerability, regardless of asset type (virtual machines and/or container images). | ||
Excluded Assets | This column displays the number of assets excluded from the scan for the vulnerability. | ||
CVSS Score | This columns displays the Common Vulnerability Scoring System (CVSS) score assigned to the vulnerability. The breakdown of CVSS Scores aligns with the Severity types. | ||
Severity | This column displays the severity level of the vulnerability. There are four severity types, based on the vulnerability's CVSS:
| ||
Known Exploits | This column indicates if there are any known exploits for the vulnerability.
|
Clicking a Vulnerability Name will take the user to the detail screen for that vulnerability. The vulnerability detail screen includes a synopsis of the vulnerability, a table of affected assets, and the remediation guidance for the vulnerability.
...
Column | Description | ||
---|---|---|---|
Vulnerability | This column displays the name of the vulnerability excluded. | ||
Excluded Assets | This column displays the number of assets excluded from the vulnerability, regardless of asset type (virtual machines and/or container images). | ||
Reason | This column displays the risk reason selected in the Exclude Assets form. | ||
CVSS Score | This columns displays the Common Vulnerability Scoring System (CVSS) score assigned to the vulnerability. The breakdown of CVSS Scores aligns with the Severity types. | ||
Severity | This column displays the severity level of the vulnerability. There are four severity types, based on the vulnerability's CVSS:
| ||
Known Exploits | This column indicates if there are any known exploits for the vulnerability.
|
Users can filter the table by any of the columns listed above.
...
For instructions on how to get started with Container Images, please see the documentation provided here.
View a Report
...
In the Armor Management Portal (AMP), in the left-side navigation, click Security.
Click Vulnerability Scanning.
Click the Reports tab.
Locate and select the desired scan.
On the next screen, you can filter the table By Vulnerabilities or By VM (virtual machine / host).
...
COLUMN NAME | DESCRIPTION |
---|---|
Vulnerability Name | This column displays the name of the vulnerability. |
Affected Assests | This column displays the virtual machines (host) affected by the vulnerability. If you are unfamiliar with the name of a virtual machine, you can use the Virtual Machines screen to search.
|
Category | This column displays the category(s) associated with the vulnerability. For a complete list of vulnerability categories and QIDs, please see this documentation. |
Known Exploits | This column indicates if there are any known exploits for the vulnerability.
|
Severity | This column displays the severity of the vulnerability. There are four severity types, based on the vulnerability's CVSS:
There is an additional severity type called Info. Although Info is listed as a severity type, in reality, Info simply displays activity information for corresponding plugins from third-party vendors. |
...
Filter By Virtual Machines
...
You will only see vulnerabilities for your active virtual machines.
When you filter the table By VM (virtual machines / host) you will see:
...
An example of Vulnerability logs can be seen below:
...
For a full list of Log Search fields and descriptions, please visit our glossary here.
Info | ||
---|---|---|
TroubleshootingEach listed vulnerability contains information on how to troubleshoot the vulnerability, typically by downloading a patch from an external source.
|
Info |
---|
TroubleshootingIf you do not see any data in the Vulnerability Scanning screen, consider that:
If a virtual machine is incorrectly labeled as offline in a report, then contact Armor Support to run the Armor Toolbox. |
...