By default, you can view the results of a scan as soon as it is completed. The scan results provide the vulnerability details for each individual IP / host.
Click on the Asset Name link in the Assets tab to go to the Scan Result or Asset Details view of a particular host / IP address in the scan.
The Scan Details view consists of the following information:
From the Asset Details view, you can remediate the host by applying missing Windows patches & service packs. Go to the Assets tab --> All Assets tab --> Asset Name link and click on the 'Remediate' button to deploy either missing patches or service packs.
Deploying Patches
Clicking on the 'Deploy Patches' option in the 'Remediate' menu lists all the missing patches applicable to this asset. Select the patches you wish to deploy and click on the 'Deploy Patch' button to perform patch deployment on the host.
Patch Deployment History
When a patch is deployed on a host, a history is maintained of when it was deployed, to which systems, and the status of the deployment. You can view this by clicking the patch history icon against each patch in the list.
Deploying Service Packs
Clicking on the 'Deploy Service Packs' option in the 'Remediate' menu lists all the SPs applicable to this asset. Choose the SP you wish to deploy and click on the 'Deploy' button to perform service pack deployment on the host.
Note that you can deploy only one service pack at a time on a host, so you can select only a single SP from this view.
Download Service Packs
You can also download service packs from this view. Select the SP and click on the 'Download' button. You can initiate an instant download or schedule the SP download for a later time. From this screen, there is also a provision to use an already downloaded SP.
Service Pack Deployment History
When an SP is deployed on a host, a history is maintained of when it was deployed, to which systems, and the status of the deployment. You can view this by clicking the service pack history icon against each SP in the list.
Deploying Linux Packages
If the asset is a Linux system, you can deploy missing Linux packages by clicking on the 'Deploy Linux Packages' option from the 'Remediate' menu. You can select the packages that you wish to deploy and click on the Deploy button.
Refer to the Linux Package Management Scripts section for more information.
Reports can be generated for every asset. To do so, go to the Assets tab --> All Assets tab --> Asset Name link and click on the 'Reports' button. This opens a drop-down list of all the reports present in Security Manager (predefined as well as custom reports). Click on the name of the report you want for the asset.
The following are the actions that can be performed from Asset Details. These can be accessed from the 'Actions' button in an Asset Details view.
Undeploy Patch
Using this option, you can select a patch to uninstall from the list that is displayed. Note that patches can be undeployed only one at a time. It is generally not advisable to uninstall patches, so you must exercise extreme caution before performing this task.
Security Manager Plus supports undeployment only for patches for which Microsoft supports uninstallation, so please read the patch bulletin information thoroughly before you attempt this operation.
Scan Notification
This is an option to configure the e-mail ID to which a notification will be sent when a scan for the asset is completed. You can specify the e-mail ID in the text field provided. Selected reports from Security Manager Plus can also be attached along with the scan complete notification. You can choose the report type from the drop-down menu and click 'Save'.
Schedule Scan
You can initiate an on-demand vulnerability scan on an Asset from the Asset details view or you can schedule a scan from this menu option, so that it runs at a specified time and periodicity.
Scan Now
You can start an on-demand scan by choosing this option.
Edit Host
You can edit an existing Asset from here. You can alter the host name (display name) and Operating system type.
Ticket Settings
When the Trouble Ticket E-mail Settings are configured from the Admin tab, you can use this option to select a criterion and a count; when the criterion exceeds the configured count, an e-mail is generated to the trouble ticket system. For example, Total Vulnerability count : Greater than : 10. You can also remove the ticket settings from the same screen if they are already configured.
Patch Deployment / SP Deployment History
These are two views which display a list of all the patch and service pack deployment tasks that have been configured and executed for an asset, with the status of each task.
Linux Deployment History
This view displays a list of all the package deployment tasks associated with a Linux system. This option does not appear for Windows assets.
Change Management
You can associate Change Management profiles to this asset so that files, folders and/or registry entries are tracked for changes. Each profile will have a set of files, folders and registry entries that are configured for change management & change tracking.
Configure Agent
This option appears only for systems being managed in the agent mode. Refer to the Agent Configuration section for more information.
Reboot Now
You can reboot the asset (if it is a Windows system) from here. If the SMP Agent is running on the asset, you can check whether the reboot has completed in the Assets page table view. Choose 'Reboot Status' from the column chooser of the Assets table view to see the status.
Host Information
A high-level summary of a particular host in the Scan is provided, with general details like IP Address, Operating System, System Language and scan details like the Vulnerability Group, Vulnerabilities Found, Vulnerability Checks Performed, Missing Security Updates, number of open ports, initiator of the scan, start and end time of the scan and time taken for the scan.
A pie-chart depicting the vulnerability risk percentage for the host is also seen in this section.
This section gives a complete list of the open ports that were found during the scan of a particular host or IP, with details like the service running at the port, service info and the number of vulnerabilities found against each service listening on the open ports.
This view provides you with a tabular listing of the vulnerabilities found in that particular host of the Scan Job. You get to view details like:
A vulnerability is classified as a "False Positive" when Security Manager Plus detects it but it is not considered a real threat, or when a solution has been found to work around it.
From the Scan Results / Asset Details for a particular host, in the 'Vulnerabilities' link, you have the option to mark a vulnerability as a false positive by clicking the button against that vulnerability. By doing this, you can select this vulnerability to be omitted from your Scan Reports.
You can unmark a marked false positive by clicking on the button.
This section displays the details of any antivirus software that might be installed on the scanned systems. It lists the following information:
Antivirus product name
Version number
Engine version
Pattern version
Pattern date
Real time scan (enabled or disabled)
Service Pack Details
In this section, you can see which service pack is missing from the list of Windows applications that the scan has detected. Clicking on the product name in the list takes you to the screen from where you can deploy the service pack.
Missing Patches
In this section, you get to view details like:
Severity: Determines the importance of the patch. These severity ratings are as per the bulletin or advisory information, or the result of patch assessment done by ManageEngine.
Bulletin: The advisory article provided by the vendor, which contains information about the vulnerability and patch availability. Clicking this link leads you to the Bulletin Details view, which provides more information about the bulletin and the vulnerability.
Patch To Install: The name of the patch that will be installed.
Note: Security Manager Plus supports detection of missing patches for Windows as well as Linux machines. Supported Windows operating systems are: Windows Vista, Windows XP, 2000 Server and Professional, NT Workstation and Server, 2003 Server. Supported applications are: IIS, IE, SQL Server, MDAC, Media Player, .NET Framework, MSXML, DirectX, Windows Defender, MS Office etc. Supported Linux distributions are: Red Hat Linux and Debian Linux. You need to supply the credentials of the target machine for which the scan is being performed.
This section of the Scan Result for a particular system lists the inventory of the different hardware components present in the system. Some of the information displayed:
System Info - what brand the asset is, model, bios name
Processor Info - CPU details
Memory - RAM information like total memory, free memory, virtual memory and free virtual memory
Drives associated to this system
Peripherals that are connected to this system like Keyboard, Mouse, Monitor, Video/Sound Cards, USBs
Network information - IP address, MAC address, NIC name, DNS server etc.
Port details - port type and status
This section lists the following information:
Software currently installed on the system, along with the name, vendor information and software version.
List of installed patches on the system.
Note:
Software inventory is detected only for Windows systems. Software inventory for other operating systems is currently not supported.
Software inventory for Windows systems can be detected only if the Security Manager Plus server is running on a Windows system.
This section of the Scan Result displays the list of user accounts existing in the scanned systems, and the following details about each account:
This section lists the Windows User Groups (namely Administrators, Backup Operators, Guests, Power Users etc.) present in the systems, along with the list of group members in each category and the group description.
This section of the Scan Result or Asset Details view displays the File Changes, Folder Changes & Registry Changes for a Windows system. A combination of files, folders or registry entries can be configured as a Change Management profile, so that Security Manager Plus can track & report changes that occur on all these entities.
Profiles
The Change Management profiles that have been associated to this Windows asset are listed. Clicking on the profile name leads you to the Profile configuration screen, where you can add or delete the entries under each category (file, folder or registry) for this particular profile.
File Changes
This is a tabular display of the files that have been configured in the associated profile and are tracked for changes during every scan. The information present in this table is:
Clicking the File name link in the above list shows a values comparison chart with the Baseline values and the Current values. From this you can see which of the tracked parameters has changed. By default, the details obtained from a file after the first scan on an asset are treated as the Baseline value for the different parameters.
Folder Changes
This is a tabular display of the Windows folders that have been configured in the associated profile and are tracked for changes during every scan. The information present in this table is:
Clicking the Folder name link in the above list shows a values comparison chart with the Baseline values and the Current values. From this you can see which of the tracked parameters has changed. By default, the details obtained from a folder after the first scan on an asset are treated as the Baseline value for the different parameters.
Registry Changes
This is a tabular display of the Registry entries that have been configured in the associated profile and are tracked for changes during every scan. The information present in this table is:
By default, the values for a Registry key after the first scan on an asset are treated as the Baseline value for the different parameters.
Setting Baseline
By default, the details obtained from a file or a folder, or the values for a Registry key, after the first scan on an asset are treated as the Baseline value for the various parameters being tracked. However, this can be altered at any time, and the baseline can be set to a changed value. To alter the baseline, click on the Baseline icon in the "Set as Baseline" column for the entry which has a changed status (red icon), if you think the change is appropriate. In subsequent scans, this value will be treated as the Baseline and compared against.
Setting baselines is applicable for every entry under each category (files, folders or registry).
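The baseline-and-compare behaviour described above, sketched in Python as an added example; it is not Security Manager Plus code. The tracked parameters (file size and SHA-256 digest), the ChangeTracker class and the sample file are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(path):
    """Tracked parameters for one file (assumed here: size and SHA-256)."""
    if not Path(path).exists():
        return None  # a deleted file is itself a change
    data = Path(path).read_bytes()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


class ChangeTracker:
    """Hypothetical tracker: first scan sets the baseline, later scans compare."""
    def __init__(self, paths):
        self.paths = list(paths)
        self.baseline = {}  # path -> values accepted as known-good
        self.current = {}   # path -> values from the latest scan

    def scan(self):
        """Return {path: [names of changed parameters]} for changed entries."""
        changed = {}
        for path in self.paths:
            now = self.current[path] = snapshot(path)
            base = self.baseline.setdefault(path, now)  # first scan = baseline
            if now != base:
                missing = base is None or now is None
                changed[path] = ["existence"] if missing else sorted(
                    k for k in base if base[k] != now[k])
        return changed

    def set_as_baseline(self, path):
        """Accept the latest scanned values as the new baseline for one entry."""
        self.baseline[path] = self.current[path]


def demo():
    """Constructed sample: one temporary file edited between scans."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "hosts.sample"
        target.write_text("127.0.0.1 localhost\n")
        tracker = ChangeTracker([target])
        first = tracker.scan()           # establishes the baseline
        target.write_text("127.0.0.1 localhost\n10.0.0.5 updates.example\n")
        second = tracker.scan()          # size and sha256 now differ
        tracker.set_as_baseline(target)  # the change is judged appropriate
        third = tracker.scan()           # compared against the new baseline
        return first, second, third
```

Until set_as_baseline is called, every later scan keeps reporting the entry as changed, which is why a changed entry should be reviewed before it is accepted as the new baseline.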
To generate reports for the systems in this scan result, click on 'Generate Report' at the top of the page and select the type of report. Visit Reports for more information.