In the Detection screen, the Detection score focuses on the incoming activity of Armor services. You can use these scores to determine if Armor is receiving the necessary data to perform useful security checks for your environment.
For Armor Anywhere, these services are:
Malware Protection
FIM
IDS
Filebeat (for Linux)
Winlogbeat (for Windows)
Vulnerability Scanning
Widgets and Graph
Widget | Description |
---|---|
Detection Score | This widget calculates a score based on: |
Events Analyzed | An event is any log that passes an Armor agent. Malware Protection, File Integrity Monitoring, and Log and Event Management contain a subagent. This widget displays data from the previous month. |
Services Reporting | This widget displays the percentage of agents that are receiving events. You can use this number to determine overall if your subagents are running properly. |
Detection Score Trend | This graph displays the history of your detection scores. |
Detection Events
The Detection Events table displays information for the past seven days. This table will update every day.
Column | Description |
---|---|
Date | This column displays the date that Armor received the log. |
Total Events | This column displays the number of logs received for that day. |
Category | This column displays the type of log received from the Total Events column. This column lists the subagent for the collected logs. |
Highest Risk Assets
The Highest Risk Assets table displays virtual machines that have the Armor Anywhere agent installed and are considered highly vulnerable. This table is based on the findings of the weekly vulnerability scanning report.
Column | Description |
---|---|
Asset Name | The name of the virtual machine that contains the installed Armor Anywhere agent. |
Status | This column displays if the virtual machine was successfully Scanned or if the virtual machine is Offline. |
Critical | This column displays the number of vulnerabilities that contained a score of 10. |
High | This column displays a vulnerability that scored between 7 and 10 on the CVSS. |
Medium | This column displays a vulnerability that scored between 4 and 7 on the CVSS. |
Low | This column displays a vulnerability that scored between 0 and 4 on the CVSS. |
Info | This column displays activity information regarding corresponding plugins from a third-party vendor. |
Top Vulnerabilities
The Top Vulnerabilities table displays the most critical vulnerabilities found in your environment. This table is based on the findings of the weekly vulnerability scanning report.
Column | Description |
---|---|
Vulnerability Name | This column displays the name of the vulnerability. |
Affected Assets | This column displays the virtual machines (host / asset) affected by the vulnerability. |
Date Discovered | This column displays the date the vulnerability was discovered. |
CVSS | This column displays the CVSS, a score attached to a vulnerability to determine the vulnerability's severity. |
Severity | This column displays the severity of the vulnerability. There are four severity types, based on the vulnerability's CVSS: |
Improve Your Detection Score
In the Armor Management Portal (AMP), in the left-side navigation, click Detection.
Under the Top Vulnerabilities table, click a specific vulnerability type.
This action will take you to the Vulnerability Scanning details screen, where you can view a description of the vulnerability and the affected virtual machine.