Updated on 2023-12-22 GMT+08:00

Viewing Vulnerability Details

Scenario

This topic describes where to view details about Linux, Windows, Web-CMS, and application vulnerabilities.

Prerequisites

  • You have purchased the SecMaster professional edition and the edition is within the validity period.
  • HSS logs have been connected to SecMaster and the function of automatically converting logs into alerts has been enabled. For details, see Data Integration.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. In the navigation pane, choose Risk Prevention > Vulnerabilities.

    Figure 2 Accessing the vulnerability management page

  5. Check vulnerability statistics.

    Figure 3 Vulnerability statistics
    • Vulnerability Type Distribution: displays the overall number of vulnerabilities and the distribution of each type of vulnerabilities.
    • Top 5 Vulnerabilities: The Vulnerability ID tab displays the top 5 vulnerabilities with the largest number of vulnerability IDs and the number of affected assets. The Vulnerability Type tab displays the top 5 vulnerabilities with the largest number of vulnerability types, vulnerability risk levels, and affected assets.
    • Top 5 Vulnerable Resources: displays top 5 risky assets.

  6. On the displayed page, click Linux Vulnerabilities, Windows Vulnerabilities, Web-CMS Vulnerabilities, or Application Vulnerabilities.

    If there are a large number of vulnerabilities, you can specify the vulnerability name, vulnerability ID, severity, handling status and enter a keyword in the search box, and click to quickly search for s specific vulnerability.

    You can view a maximum of 9,999 vulnerability records on the page.
    Table 1 Vulnerability parameters

    Parameter

    Description

    Vulnerability Name

    Name of the scanned vulnerability.

    Click a vulnerability name to view vulnerability description and vulnerability library information.

    Severity

    Severity level of the vulnerability.

    ID

    Vulnerability ID

    Affected Assets

    Total number of assets affected by a vulnerability

    Vulnerability ID

    ID of a vulnerability.

    Last Scanned

    Time of the last scan

    Handled

    Specifies whether the vulnerability has been handled.

  7. To view details about a vulnerability, click the vulnerability name and view the details on the page that is displayed on the right.