Vulnerability Scanning FAQ

How often is data refreshed from the Vulnerability Scanning Sub-Agent?

The vulnerability subagent platform runs a scan every 4 hours on your asset. Armor pulls data from the subagent on a separate 4 hour interval and stores it. When you click the "refresh data" link on the "Vulnerabilities" tab, a new snapshot is generated reflecting the most recent data pulled, this data is refreshed automatically every day at 10:00 PM UTC. You can also generate a new Report with this data from the Reports tab by clicking "Get New Report". This is generated automatically every Sunday at 10:00 PM UTC and is stored for 13 months.

What is the Severity scale?

As of April 1, 2021 we are using the NVD CVSS v3.0 Vulnerability Severity Ratings (0 - 10, None - Critical) (https://nvd.nist.gov/vuln-metrics/cvss). Prior to this date, the Severity score was based on the subagent platform scoring

The vulnerability scoring of my reports suddenly changed several of my criticals to non-critical, why?

On April 1, 2021 we switched from the vulnerability subagent platform severity scoring to the industry standard of NVD CVSS v3.0 (https://nvd.nist.gov/vuln-metrics/cvss). Some of what the vulnerability subagent platform deemed critical, may not have a 10.0 CVSS v3.0 score.

Why is the Vulnerability Scanning Sub-Agent showing unhealthy?

This can happen for a number of reasons including, but not limited to:

• Vulnerability agent did not install successfully

• Vulnerability agent did not sync to armor correctly

• Vulnerability agent service is not running

For more information on remediating vulnerability agent issues, please see the following documentation.

What do I do if the vulnerability agent did not install correctly?

Before contacting support try running the `armor vuln reinstall` command, if that does not remediate it, run the `armor vuln diagnostics` command and open a ticket with support.

If uninstalling and reinstalling continues to fail, a reboot might be required.