Overview
Vulnerability Manager
Vulnerability Assessment Module: provided by integration with OpenVAS (https://www.openvas.org/). It's a full-featured vulnerability scanner.
The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates.
Vulnerability Manager can be accessed from the Web Interface by navigating to Settings > Management > Vulnerability Manager. The Vulnerability Manager page opens, listing the defined sections:
Targets
To start scanning, first define the target hosts.
If the list of hosts is empty, the command must also include a target locator.
- An existing target can be edited.
- An existing target can be deleted. Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
To create a new ScanTarget, press the button; a window opens that allows ScanTarget configuration:
- In the Name field, type a name that identifies the newly created target.
- In the Comment field, type a comment on the target.
- In the Hosts field, enter a textual list of hosts, which may be empty.
- In the Exclude Hosts field, enter the hosts to exclude; two options are available (Reverse Lookup Only and Unify).
- In the SSH Credentials field, specify the SSH login credentials for the target.
- In the SSH Port field, specify the SSH port for the target.
- In the SMB Credentials field, specify the SMB login credentials for the target.
- In the ESXI Credentials field, specify the ESXi login credentials for the target.
- In the SNMP Credentials field, specify the SNMP login credentials for the target.
The Update button refreshes the Targets function page.
Tasks
After the target hosts are defined, create scanning tasks for them.
If an rcfile is given, then config and target should actually be left out.
- An existing task can be edited.
- An existing task can be deleted, including all reports associated with the task. Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
- Use the Start button to manually start an existing task.
- Use the Stop button to manually stop a running task.
To create a new task, press the button; a window opens for task configuration:
- In the Name field, type a name that identifies the newly created task.
- In the Comment field, type a comment on the task; an Alterable option is also available.
- In the Config field, specify the scan configuration used by the task.
- In the Target field, specify the hosts scanned by the task.
- In the Hosts Ordering field, specify the order in which the hosts are scanned.
- In the Scanner field, choose OpenVAS Default or, in case of integration, another scanner.
- In the Schedule field, choose a schedule from the list; schedules are created in the Schedule function.
- In the Schedule Periods field, specify when the task will run.
The Update button refreshes the Task function page.
After you have configured scanning, manually start the required tasks from the list.
By default, the following scan configurations are available:
- Discovery
This scan configuration only uses VTs that provide information about the target system. No vulnerabilities are being detected.
Among other things, the collected information covers open ports, used hardware, firewalls, used services, installed software and certificates. The system is inventoried completely.
The VT families are dynamic, i.e., new VTs of the chosen VT families are added and used automatically.
- Empty
This scan configuration is an empty template containing no VTs. It can be cloned and used as the basis for a completely individually created scan configuration.
The VT families are static, i.e., new VTs of the chosen VT families are not added and used automatically.
- Host Discovery
This scan configuration is used to detect target systems. No vulnerabilities are being detected.
The port scanner used is Ping Host, which detects whether a host is alive.
The VT families are static, i.e., new VTs of the chosen VT families are not added and used automatically.
- System Discovery
This scan configuration is used to detect target systems including installed operating systems and used hardware. No vulnerabilities are being detected.
The port scanner used is Ping Host, which detects whether a host is alive.
The VT families are static, i.e., new VTs of the chosen VT families are not added and used automatically.
- Full and fast
For many environments this is the best option to start with.
This scan configuration is based on the information gathered in the previous port scan and uses almost all VTs. Only VTs that will not damage the target system are used. VTs are optimized in the best possible way to keep the potential false negative rate especially low. The other “Full” configurations only provide more value in rare cases but with much higher effort.
The VT families are dynamic, i.e., new VTs of the chosen VT families are added and used automatically.
- Full and fast ultimate
This scan configuration expands the scan configuration Full and fast with VTs that could disrupt services or systems or even cause shutdowns.
The VT families are dynamic, i.e., new VTs of the chosen VT families are added and used automatically.
- Full and very deep
This scan configuration is based on the scan configuration Full and fast but the results of the port scan or the application/service detection do not have an impact on the selection of the VTs. Therefore, VTs that wait for a timeout or test for vulnerabilities of an application/service which were not detected previously are used. A scan with this scan configuration is very slow.
The VT families are dynamic, i.e., new VTs of the chosen VT families are added and used automatically.
- Full and very deep ultimate
This scan configuration expands the scan configuration Full and very deep with dangerous VTs that could cause possible service or system disruptions. A scan with this scan configuration is very slow.
The VT families are dynamic, i.e., new VTs of the chosen VT families are added and used automatically.
Credentials
If the command includes a password, then the manager creates a password only credential, otherwise the manager creates a key-based credential.
- Existing credentials can be edited.
- Existing credentials can be deleted. Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
To create new credentials, press the button; a window opens that allows credentials configuration:
The attributes described below are similar to those found on the Edit Credentials configuration page. Note that the available options change depending on the credentials type selected:
- In the Name field, type a name that identifies the newly created credentials.
- In the Comment field, type a comment on the credential.
- In the Login field, type the user name of the credential.
- In the Password field, type the password for the credential login.
- In the Confirm password field, confirm the password.
The Update button refreshes the Credentials function page.
Schedules
The Schedule function is used to create a schedule.
- An existing schedule can be edited.
- An existing schedule can be deleted. Since this is a destructive command, the client is advised to ask for confirmation from the user before sending this command to the Manager.
To create a new schedule, press the button; a window opens that allows schedule configuration:
The attributes described below are similar to those found on the Edit Schedules configuration page. Note that the available options change depending on the Schedules type selected:
- In the Name field, type a name that identifies the newly created schedule.
- In the Comment field, type a comment on the schedule.
- In the First Time field, set when the schedule will first run (minute, hour, day of month, month, year).
- In the Password field, type the password for the credential login.
- In the Period(Days) field, set how often the Manager will repeat the scheduled task (in days).
- In the Duration(Hours) field, set how long the Manager will run the scheduled task for (in hours).
The Update button refreshes the Schedules function page.
Reports
When you press Start in the Tasks function, a report is generated in Reports, and you can export the report events to CYBERQUEST.
- The Reports function can export report events to CYBERQUEST.
- Reports can be deleted for an existing task.
- If you press the button, the scan results open. The XML report format is sent as XML; all other formats are sent in Base64 encoding.
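Handling an exported report on the receiving side, as an added example that is not CYBERQUEST or OpenVAS code: it returns the nested report element for the XML format and Base64-decodes every other format, then lists the high-severity results. The sample responses are constructed, and the element and attribute names (report, content_type, report_format, result, severity) are assumptions modelled on Greenbone Management Protocol responses.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

def extract_report(response_xml):
    """Return (content_type, payload): the nested <report> element for the
    XML format, Base64-decoded bytes for every other format."""
    if "<!DOCTYPE" in response_xml:
        raise ValueError("DTD declarations are not expected in a report")
    outer = ET.fromstring(response_xml).find("report")
    if outer is None:
        raise ValueError("response carries no <report> element")
    ctype = outer.get("content_type", "")
    if ctype == "text/xml":
        inner = outer.find("report")
        if inner is None:
            raise ValueError("XML report has no nested <report>")
        return ctype, inner
    # Non-XML formats: the Base64 text sits between/after the child elements.
    parts = [outer.text] + [child.tail for child in outer]
    encoded = "".join("".join(p.split()) for p in parts if p)
    try:
        return ctype, base64.b64decode(encoded, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"report body is not valid Base64: {exc}") from exc

def high_severity(report, threshold=7.0):
    """List (host, port, name, severity) at or above threshold, worst first."""
    hits = []
    for res in report.iter("result"):
        sev = float(res.findtext("severity") or "0")
        if sev >= threshold:
            hits.append((res.findtext("host", "").strip(),
                         res.findtext("port", ""), res.findtext("name", ""), sev))
    return sorted(hits, key=lambda h: -h[3])

# Constructed sample responses (not real scan output).
XML_RESPONSE = """<get_reports_response status="200" status_text="OK">
<report id="r1" extension="xml" content_type="text/xml"><report id="r1"><results>
<result><name>Sample finding A</name><host>192.0.2.10</host><port>22/tcp</port><severity>5.3</severity></result>
<result><name>Sample finding B</name><host>192.0.2.11</host><port>443/tcp</port><severity>9.8</severity></result>
</results></report></report></get_reports_response>"""
TXT_RESPONSE = ('<get_reports_response status="200" status_text="OK">'
                '<report id="r1" extension="txt" content_type="text/plain">'
                '<report_format id="f1"><name>TXT</name></report_format>'
                + base64.b64encode(b"Host 192.0.2.11: 1 High\n").decode()
                + "</report></get_reports_response>")
if __name__ == "__main__":
    print(high_severity(extract_report(XML_RESPONSE)[1]))
```

The DTD check is there because the standard-library parser expands internal entities, so a report file from an untrusted path should not be allowed to declare any.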
Os
This section lists the operating systems that were detected by the scanner during scan processes.
Assets
This section lists the assets that were detected by the scanner during scan processes.
Preferences
The Preferences function is used to get preference information. The preference element includes just the name and value, with the NVT and type built into the name.
The Update button refreshes the Preferences function page.
Configs
The Configs function is used to get config information.
The Update button refreshes the Configs function page.
Scanners
Information regarding scanning tasks, downloaded from the scanner.
The Update button refreshes the Scanners function page.