...
Vulnerability Analysis Policies are used to determine vulnerability details on the managed computers. These are different from the Security Analysis and Remediation Policies, which are more broadly covering configuration details and possibly only measure whether or not patches are generally up-to-date.
Vulnerability Analysis Polices will perform a detailed analysis of exact vulnerabilities that have been reported by software vendors such as Microsoft. As vendors discover software flaws, they have the opportunity to publish those details in Common Vulnerability Enumeration (CVE) standard format, and many companies do this, sometimes even multiple times per day. This standard format allows the server to read these details and perform an analysis across your organization to determine if your computers are susceptible to threats outlined within these CVEs.
...
To check your managed computers for these vulnerabilities, you must create one or more Vulnerability Analysis policies, which helps to identify which type of vulnerabilities to check for and at which time.
...
Create a vulnerability analysis policy
- Go to the Policies tab.
- Navigate to Policies > Thycotic Solutions > Security Analysis > Policies.
- Right-click the Policies folder and click New > Vulnerability Analysis Policy.
- Give the new policy a name and then click OK.
Click the Target CPE link to select the target CPE (for example, "Windows 7").
Tip To limit these selections to only CPEs that are applicable for targeting, choose the CPEs with Filters report from the reports dropdown in the toolbartitle Handy Hint .
Select any other additional CPEs to include in the set. (e.g. any other CPEs that you want targeted at your Windows 7 systems, such as "Internet Explorer 8").
Only selectTip title Note Select only additional CPEs that you typically would find on the computers in the primary Target CPE filter chosen in the previous step. This will keep from sending unnecessary checks to the computers.
- Click the the Schedule tab and define when set up a schedule to perform this analysis.
Click - Click Save.
...
This process does not do a file scan of
...
managed computers. Most of the definitions of vulnerabilities are described in a very targeted way, such as "check the version of this specific file in this specific location." Therefore, the overall impact to your users
...
will be
...
minimal.
Next steps
- Visit Vulnerability Reportsreports to learn where this data can be viewed.
- You may also view this data within the Resource Explorer console, pointed at a specific managed computer.