Vulnerability Database Configuration


What is Vulnerability Database ?

The vulnerability database is a baseline against which the enterprise network vulnerabilities, are determined. This database is collated by acquiring information from security bulletins/errata from many of the Internet's largest and most comprehensive databases for security exposures and vulnerabilities. This information is further thoroughly analyzed and filled-up with relevant information for vulnerability assessment.

The vulnerability database is finally published in the Central Repository Server (CRS), from where it is updated to the enterprise site on request from the Security Manager Plus web interface.

The database is periodically updated with latest information and placed in the CRS. Therefore, it is best advised to update  the database periodically in order to be in sync with the latest vulnerability and patch related information.

What does the Vulnerability Database comprise of ?

The vulnerability database contains detailed information about publicly known security vulnerabilities and exposures , which are grouped under 'Vulnerability Knowledge Base' and provides :

CVE (Common Vulnerabilities and Exposures) is a list of common names for publicly known vulnerabilities and exposures. The CVE Editorial board determines which vulnerabilities or exposures are included in CVE, through open and collaborative discussions. If the CVE name starts with CAN (candidate), then it is under consideration for entry into CVE.

The Vulnerability Database also contain Windows Patch related information, which are grouped separately under 'Patches Knowledge Base' and provides :

When should it be updated ? 

Updating the database immediately

From the web interface of Security Manager Plus, Home page --> Security snapshot tab --> Latest Vulnerabilities section, choose the update icon to update the database. Your Security Manager Plus Home page will indicate Vulnerability Database is Up-to-date once the update is complete.

 

Alternatively, visit Admin tab Configure Vulnerability Database Updates. Click on the 'Update Now' button to trigger immediate update of Security Manager Plus vulnerability database.

Scheduling Vulnerability Update

Visit the Admin tab Configure Vulnerability Database Updates for automatic scheduling for vulnerability updates.

Viewing Vulnerability Database

You can view the Vulnerability Database either from Admin tab Actions Vulnerability Knowledge Base .

 

Searching based on CVE ID

 

The Vulnerability Database can be searched based on CVE ID. In order to perform a CVE ID based search, perform the following steps :

Viewing Patch Database

You can view the Patch Database either from Admin tab Configure Patches Knowledge Base


Copyright © 2010, ZOHO Corp. All Rights Reserved.
ManageEngine