Vulnerability Management Overview
HSS detects Linux, Windows, Web-CMS, and application vulnerabilities and provides a vulnerability overview, including host vulnerability detection details, vulnerability statistics, vulnerability type distribution, top 5 vulnerabilities, and top 5 risky servers, helping you learn host vulnerabilities in real time.
Automatic and manual vulnerability scans are supported. Automatic scan can be performed in the early morning every day at the preset time. You can also perform manual scan to view the vulnerabilities of target servers or of the current server.
How Vulnerability Scan Works
Table 1 describes how different types of vulnerabilities are detected.
Type |
Mechanism |
|---|---|
Linux vulnerability |
Based on the vulnerability database, checks and handles vulnerabilities in the software (such as kernel, OpenSSL, vim, glibc) you obtained from official Linux sources and have not compiled, reports the results to the management console, and generates alarms. |
Windows vulnerability |
Synchronizes Microsoft official patches, checks whether the patches on the server have been updated, pushes Microsoft official patches, reports the results to the management console, and generates vulnerability alarms. |
Web-CMS vulnerability |
Checks web directories and files for Web-CMS vulnerabilities, reports the results to the management console, and generates vulnerability alarms. |
Application vulnerability |
Detects the vulnerabilities in the software and dependency packages running on the server, reports risky vulnerabilities to the console, and displays vulnerability alarms. |
Constraints
- The basic edition supports automatic scan and viewing of Linux and Windows vulnerabilities, but does not support server view switching or vulnerability handling.
- The Server Status is Running, Agent Status is Online, and Protection Status is Protected. Otherwise, vulnerability scan cannot be performed.
- Table 2 describes the OSs that support vulnerability scan and fix.
Table 2 OSs that support vulnerability scan and fix OS Type
Supported OS
Windows
- Windows Server 2019 Datacenter 64-bit English (40 GB)
- Windows Server 2019 Datacenter 64-bit Chinese (40 GB)
- Windows Server 2016 Standard 64-bit English (40 GB)
- Windows Server 2016 Standard 64-bit Chinese (40 GB)
- Windows Server 2016 Datacenter 64-bit English (40 GB)
- Windows Server 2016 Datacenter 64-bit Chinese (40 GB)
- Windows Server 2012 R2 Standard 64-bit English (40 GB)
- Windows Server 2012 R2 Standard 64-bit Chinese (40 GB)
- Windows Server 2012 R2 Datacenter 64-bit English (40 GB)
- Windows Server 2012 R2 Datacenter 64-bit Chinese (40 GB)
Linux
- EulerOS: 2.2, 2.3, 2.5, 2.8, 2.9 (64-bit)
- CentOS 7.4, 7.5, 7.6, 7.7, 7.8 and 7.9 (64-bit)
- Ubuntu 16.04, 18.04, 20.04 (64-bit)
- Debian 9, 10, and 11 (64-bit)
- Kylin V10 (64-bit)
Types of Vulnerabilities That Can Be Scanned and Fixed
For details about the types of vulnerabilities that can be scanned and fixed in different HSS editions, see Types of vulnerabilities that can be scanned and fixed in each HSS edition.
The meanings of the symbols in the table are as follows:
- √: supported
- ×: not supported
Vulnerability Type |
Function |
Professional Edition |
Enterprise Edition |
Premium Edition |
Web Tamper Protection Edition |
Container Edition |
|---|---|---|---|---|---|---|
Linux vulnerability |
Automatic vulnerability scan (once a week by default) |
√ |
√ |
√ |
√ |
√ |
Vulnerability policy configuration |
√ |
√ |
√ |
√ |
√ |
|
Vulnerability whitelist |
√ |
√ |
√ |
√ |
√ |
|
Manual vulnerability scan |
√ |
√ |
√ |
√ |
√ |
|
One-click vulnerability fix |
√ (A maximum of 50 vulnerabilities can be fixed at a time.) |
√ (A maximum of 50 vulnerabilities can be fixed at a time.) |
√ |
√ |
√ |
|
Windows vulnerability |
Automatic vulnerability scan (once a week by default) |
√ |
√ |
√ |
√ |
× |
Vulnerability policy configuration |
√ |
√ |
√ |
√ |
× |
|
Vulnerability whitelist |
√ |
√ |
√ |
√ |
× |
|
Manual vulnerability scan |
√ |
√ |
√ |
√ |
× |
|
One-click vulnerability fix |
√ (A maximum of 50 vulnerabilities can be fixed at a time.) |
√ (A maximum of 50 vulnerabilities can be fixed at a time.) |
√ |
√ |
× |
|
Web-CMS vulnerability |
Automatic vulnerability scan (once a week by default) |
√ |
√ |
√ |
√ |
√ |
Vulnerability policy configuration |
√ |
√ |
√ |
√ |
√ |
|
Vulnerability whitelist |
√ |
√ |
√ |
√ |
√ |
|
Manual vulnerability scan |
√ |
√ |
√ |
√ |
√ |
|
One-click vulnerability fix |
× |
× |
× |
× |
× |
|
Application vulnerability |
Automatic vulnerability scan (once a week by default) |
× |
√ |
√ |
√ |
√ |
Vulnerability policy configuration |
× |
√ |
√ |
√ |
√ |
|
Vulnerability whitelist |
× |
√ |
√ |
√ |
√ |
|
Manual vulnerability scan |
× |
√ |
√ |
√ |
√ |
|
One-click vulnerability fix |
× |
× |
× |
× |
× |
- HSS can scan for Web-CMS and application vulnerabilities but cannot fix them. You can log in to your server to manually fix the vulnerability by referring to the suggestions displayed on the vulnerability details page.
Procedure
- Log in to the management console.
- Click
in the upper left corner of the page, select a region, and choose Security > Host Security Service. - In the left navigation pane, choose Prediction > Vulnerabilities.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
