Vulnerability Analysis Policies
Purpose
Vulnerability Analysis Policies are used to determine vulnerability details on the managed computers. These are different from the Security Analysis and Remediation Policies, which are more broadly covering configuration details and possibly only measure whether or not patches are generally up-to-date.
Vulnerability Analysis Polices will perform a detailed analysis of exact vulnerabilities that have been reported by software vendors such as Microsoft. As vendors discover software flaws, they have the opportunity to publish those details in Common Vulnerability Enumeration (CVE) standard format, and many companies do this, sometimes even multiple times per day. This standard format allows the server to read these details and perform an analysis across your organization to determine if your computers are susceptible to threats outlined within these CVEs.
How
...
it works
Some of the SCAP profiles that you import contain references to other lists identifying these CVE threats discovered in software. Once you initially import your profile, the server continually monitors these other lists to ensure that the list of vulnerabilities is updated.
To check your managed computers for these vulnerabilities, you must create one or more Vulnerability Analysis policies, which helps to identify which type of vulnerabilities to check for and at which time.
...
Create a vulnerability analysis policy
- Go to the Policies tab.
- Open the Navigate to Policies > Arellia Thycotic Solutions > Security Analysis folder> Policies.
- Right-click on the Security Analysis the Policies folder and choose click New > Vulnerability Analysis Policy.
- Give the new policy a name and then click OK.
Select Click the Target CPE
(e.g.link to select the target CPE (for example, "Windows 7")
.Tip To limit these selections to only CPEs that are applicable for targeting, choose the CPEs with Filters report from the reports dropdown in the toolbartitle Handy Hint .
Select any other additional CPEs to include in the set. (e.g. any other CPEs that you want targeted at your Windows 7 systems, such as "Internet Explorer 8").
Only selectTip title Note Select only additional CPEs that you typically would find on the computers in the primary Target CPE filter chosen in the previous step. This will keep from sending unnecessary checks to the computers.
- Click the the Schedule tab and define when set up a schedule to perform this analysis.
- Click Click Save.
...
This process does not do a file scan of
...
managed computers. Most of the definitions of vulnerabilities are described in a very targeted way, such as "check the version of this specific file in this specific location." Therefore, the overall impact to your users
...
will be
...
minimal.
Next
...
steps
- Visit Vulnerability Reportsreports to learn where this data can be viewed.
- You may also view this data within the Resource Explorer console, pointed at a specific managed computer.