Manually Scanning Vulnerabilities

Scenarios

This section describes how to manually scan for vulnerabilities and view the latest scan results.

Prerequisites

• Your SecMaster professional edition is available.
• You have installed HSS agent. For details, see Installing an Agent.
• HSS logs have been connected to SecMaster and the function of automatically converting logs into alerts has been enabled. For details, see Cloud Service Access. If access to HSS vulnerability scan results has been enabled but the automatic alert conversion is disabled, the vulnerability scan results will not be displayed on the Vulnerabilities page in SecMaster.

Manually Scanning Vulnerabilities

1. Log in to the SecMaster console.
2. Click in the upper left corner of the management console and select a region or project.
3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 1 Workspace management page
   

4. In the navigation pane on the left, choose Risk Prevention > Vulnerabilities.
   Figure 2 Accessing the Vulnerabilities page
   

5. Only the operations account of the primary workspace can set the account range for vulnerability scanning.
   • Operations accounts: An operations account, or parent account, is an account that can manage member accounts. An operations account can manage multiple service accounts.
   • Service account: A service account is a member account, or child account, managed by an operations account. A service account (child account) can be managed by only one operations account.
   • Primary workspace: The first workspace created by SecMaster is the primary workspace by default. The workspace is pinned on top of the Workspaces > Management page. You can also change the primary workspace. On the Workspaces > Management page, click next to the target workspace. On the workspace details page displayed, toggle on Primary workspace.

   To set up a manual scan, take the following steps:

   1. In the upper right corner of the Vulnerabilities page, click Manual Scan and select the account scope for vulnerability scanning based on your needs.
      • All accounts: If you select All accounts, the vulnerability scan will be performed for the operations account and all service accounts managed by the operations account.
      • Specify account: If you select Specify account and select some accounts, the vulnerability scan is applied to the selected service accounts managed by the operations account.
      Figure 3 Specify Select Account.
      
   2. Click OK.
   3. Refresh the Vulnerabilities page and check the Last Scanned column. Confirm that the vulnerabilities are the latest scanned ones.

      If the workspace is not the primary workspace or the account is not an operations account, the account scope of vulnerability scan cannot be set. To start a scan, you only need to click Manual Scan in the upper right corner of the Vulnerabilities page and click OK in the displayed dialog box. Refresh the page and check the details next to Last Scanned and ensure that the latest scan result is displayed.