Vulnerability Analysis Policies

Purpose

Vulnerability Analysis Policies are used to determine vulnerability details on the managed computers. They differ from the Security Analysis and Remediation Policies, which cover configuration details more broadly and may only measure whether or not patches are generally up to date.

Vulnerability Analysis Policies perform a detailed analysis of exact vulnerabilities that have been reported by software vendors such as Microsoft. As vendors discover software flaws, they have the opportunity to publish those details in Common Vulnerability Enumeration (CVE) standard format, and many companies do this, sometimes even multiple times per day. This standard format allows the server to read these details and perform an analysis across your organization to determine if your computers are susceptible to threats outlined within these CVEs.

How It Works

Some of the SCAP profiles that you import contain references to other lists identifying these CVE threats discovered in software. Once you initially import your profile, the server continually monitors these other lists to ensure that the list of vulnerabilities is updated.

To check your managed computers for these vulnerabilities, you must create one or more Vulnerability Analysis policies, which identify which types of vulnerabilities to check for and when to check for them.

Creating a Vulnerability Analysis Policy

  1. Go to the Policies tab.
  2. Navigate to Policies > Arellia Solutions > Security Analysis > Policies.
  3. Right-click on the Policies folder and choose New > Vulnerability Analysis Policy.
  4. Select the Target CPE (e.g. "Windows 7").

     Handy Hint

     To limit these selections to only CPEs that are applicable for targeting, choose the CPEs with Filters report from the reports dropdown in the toolbar.

  5. Select any additional CPEs to include in the set (e.g. any other CPEs that you want targeted at your Windows 7 systems, such as "Internet Explorer 8"). Only select additional CPEs that you would typically find on the computers in the primary Target CPE filter chosen in the previous step. This avoids sending unnecessary checks to the computers.
  6. Click the Schedule tab and define when to perform this analysis.
  7. Click Save.

Note:

This process does not do a file scan of the managed computers. Most vulnerability definitions are described in a very targeted way, such as "check the version of this specific file in this specific location." Therefore, the overall impact on your users should be rather minimal.
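
The following sketch is an added illustration, not the product's own code. It shows how a policy's CPE set narrows the definitions sent to a computer and how a targeted file-version check is then evaluated without scanning the disk. The definition identifiers, file paths, versions and function names are constructed for the example; the real checks come from the imported SCAP content.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Definition:
    vuln_id: str        # placeholder identifier, not a real CVE number
    cpe: str            # platform or product the definition applies to
    path: str           # the single file the check inspects
    fixed_version: str  # first file version that is no longer vulnerable

def parse_version(text, width=4):
    """'6.1.7601.9000' -> (6, 1, 7601, 9000); numeric, zero-padded to width."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def select_checks(definitions, policy_cpes):
    """Keep only definitions whose CPE is in the policy's target set."""
    return [d for d in definitions if d.cpe in policy_cpes]

def evaluate(definition, file_versions):
    """Check one file at one path; file_versions stands in for reading the
    version resource of that file on the host. No directory is walked."""
    installed = file_versions.get(definition.path)
    if installed is None:
        return "not applicable"   # the file is not present on this host
    if parse_version(installed) < parse_version(definition.fixed_version):
        return "vulnerable"
    return "not vulnerable"

def run_policy(definitions, policy_cpes, file_versions):
    """Result per definition that the policy's CPE set selects."""
    return {d.vuln_id: evaluate(d, file_versions)
            for d in select_checks(definitions, policy_cpes)}

# Constructed sample data: identifiers, paths and versions are made up.
WIN7 = "cpe:/o:microsoft:windows_7"
IE8 = "cpe:/a:microsoft:internet_explorer:8"
DEFINITIONS = [
    Definition("VULN-SAMPLE-1", WIN7, r"C:\Windows\System32\sample1.dll", "6.1.7601.20000"),
    Definition("VULN-SAMPLE-2", IE8, r"C:\Windows\System32\sample2.dll", "8.0.7601.100"),
    Definition("VULN-SAMPLE-3", IE8, r"C:\Windows\System32\sample3.dll", "8.0.7601.200"),
    Definition("VULN-SAMPLE-4", "cpe:/a:example:other_product", r"C:\Other\sample4.dll", "2.0"),
]
HOST_FILES = {
    r"C:\Windows\System32\sample1.dll": "6.1.7601.9000",   # 9000 < 20000 numerically
    r"C:\Windows\System32\sample2.dll": "8.0.7601.100",
}

if __name__ == "__main__":
    for vuln_id, result in run_policy(DEFINITIONS, {WIN7, IE8}, HOST_FILES).items():
        print(vuln_id, result)
```

The fourth sample definition is never evaluated because its CPE is outside the policy's set, which is the saving step 5 describes. Version strings are compared numerically because a plain string comparison would rank "9000" above "20000".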

Next Steps

  • Visit Vulnerability Reports to learn where this data can be viewed.
  • You may also view this data within the Resource Explorer console, pointed at a specific managed computer.