Viewing Scan Results (Asset Details)


You get to view the results of your scan as soon as the scan is completed. The scan results provide the vulnerability details about each individual IP / Host.

Getting to Scan Results or Asset Details

By default, once a scan is completed you get to view the results of the scan immediately. Click on the Asset Name link in the Assets tab link to take you to the Scan Result or Asset Details view of the particular host / IP address in the scan.

Asset Details

The Scan Details view consists of the following information :

Remediate Asset

From Asset Details view, you can remediate the host by applying missing Windows patches & service packs. From the Assets tab --> All Assets tab --> Asset Name link --> click on the 'Remediate' button to either Deploy Missing Patches or Service Packs.

 

Deploying Patches

 

Clicking on 'Deploy Patches' option from the 'Remediate' menu, lists all the missing patches applicable for this Asset. From here you can select whichever patches you wish to deploy on the asset. Choose the patches of interest and click on the 'Deploy Patch' button to perform patch deployment on the host.

Patch Deployment History

 

If any patch is deployed on a host, a history will be maintained about when it was deployed and to which all systems and what was the status of deployment. You can view this by clicking the patch history icon against each patch in the list.

 

Deploying Service Packs

 

Clicking on 'Deploy Service Packs' option from the 'Remediate' menu, lists all the SPs applicable for this Asset. From here you can select whichever service pack you wish to deploy. Choose the SP of interest and click on the 'Deploy' button to perform service pack deployment on the host.

 

Note that you can deploy only one service pack at a time on a host, so you can select only a single SP from this view.

 

Download Service Packs
 

You can also download service packs from this view. Select the SP and click on the 'Download' button. You can initiate an instant download or schedule the SP download for a later time. From this screen, there is also a provision to use an already downloaded SP.

Service Pack Deployment History

 

If any SP is deployed on a host, a history will be maintained about when it was deployed and to which all systems and what was the status of deployment. You can view this by clicking the service pack history icon against each SP in the list.

Deploying Linux Packages

 

If the asset is a Linux system, you can deploy missing Linux packages by clicking on the 'Deploy Linux Packages' option from the 'Remediate' menu. You can select the packages that you wish to deploy and click on the Deploy button.

 

Refer to Linux Package Management Scripts section for more information.

 

Reports for Assets

Reports can be generated for every Asset. For this visit the Assets tab --> All Assets tab --> Asset name link --> click on the 'Reports' button. This will drop down to all the reports that are present in Security Manager (predefined as well as custom reports). Choose whichever report you want for the asset and click on the appropriate name.

 

Actions from Asset Details

The following are the actions that can be performed from Asset Details. These can be accessed from the 'Actions' button in an Asset Details view.

 

Undeploy Patch

 

Using this option, you can select a patch that you want to uninstall from the list that is displayed. Note that patches can be undeployed one at a time. It is generally not advisable to uninstall patches, so you must exercise extreme caution before performing this task.

 

Patches for which Microsoft supports uninstallation, are only supported for undeployment in Security Manager Plus. So please read the patch bulletin information thoroughly before you attempt this operation.

 

Scan Notification

 

This is an option to configure the e-mail ID to which a notification will be sent when a scan for the asset is completed. You can specify the e-mail ID in the text field provided. Selected reports from Security Manager Plus can also be attached along with the scan complete notification. You can choose the report type from the drop-down menu and click 'Save'.

 

Schedule Scan

 

You can initiate an on-demand vulnerability scan on an Asset from the Asset details view or you can schedule a scan from this menu option, so that it runs at a specified time and periodicity.

 

Scan Now

 

You can start an on-demand scan by choosing this option.

 

Edit Host

 

You can edit an existing Asset from here. You can alter the host name (display name) and Operating system type.

 

Ticket Settings

 

When the Trouble Ticket E-mail Settings are configured from the Admin tab, then you can use this option to select a criterion, which when exceeds by a configured count, e-mail will be generated to the trouble ticket system. For e.g. Total Vulnerability count : Greater than : 10. You can also remove the  ticket settings from the same screen if configured already.

 

Patch Deployment / SP Deployment History

 

These are 2 views which display a list of all the patch and service pack deployment tasks that have been configured and executed for an asset with the status of each task.

 

Linux Deployment History

 

This view displays a list of all the package deployment tasks associated with a Linux system. This option does not appear for Windows assets.

 

Change Management

 

You can associate Change Management profiles to this asset so that files, folders and/or registry entries are tracked for changes. Each profile will have a set of files, folders and registry entries that are configured for change management & change tracking.

 

Configure Agent

 

This option appears only for systems being managed in the agent mode. Refer to Agent Configuration section for more information.

 

Reboot Now

 

You can reboot the Asset (if it is a Windows system) from here itself. If SMP Agent is running in the Asset, you can check whether the reboot is completed or not in the Assets page table view. You can choose 'Reboot Status' from the column chooser of the Assets table view to see the status

Security tab

Host Information

 

A high-level summary of a particular host in the Scan is provided, with general details like IP Address, Operating System, System Language and scan details like the Vulnerability Group, Vulnerabilities Found, Vulnerability Checks Performed, Missing Security Updates, number of open ports, initiator of the scan, start and end time of the scan and time taken for the scan.

 

A pie-chart depicting the vulnerability risk percentage for the host is also seen in this section.

 

Open Ports

 

Gives a complete list of open ports that were found during the scan of a particular host or IP, with details like the Service Running at the port, Service Info and the number of vulnerabilities found against each service listening in the open ports.

 

Vulnerabilities

 

This view provides you with a tabular listing of the vulnerabilities found in that particular host of the Scan Job. You get to view details like :

Marking False Positives

 

A vulnerability will be classified as a "False Positive", when Security Manager Plus detects one but it is not considered as a real threat or if a solution has been found to work around such a vulnerability.

 

From the Scan Results / Asset Details, for a particular host, in the 'Vulnerabilities' link, you will have the option to mark a vulnerability as false positive, by clicking the button against a particular vulnerability. By doing this, you can select this vulnerability to be omitted from your Scan Reports. 

 

You can unmark a marked false positive by clicking on the button.

AntiVirus Software
 

This section displays the details of any AntiVirus software that might be installed in the scanned systems. It will list the following information :


Service Pack Details

In this section, you can see information on what service pack is missing from the list of Windows applications that the scan has detected. Clicking on the product name from the list, will take you to the screen from where you can deploy the service pack.

Missing Patches

In this section, you get to view details like :

Note : Security Manager Plus supports detection of missing patches for Windows as well as Linux machines. Supported Windows operating systems are : Windows Vista, Windows XP, 2000 Server and Professional, NT Workstation and Server, 2003 Server and applications are : IIS, IE, SQL Server, MDAC, Media Player, .NET Framework, MSXML, DirectX, Windows Defender, MS Office etc.. Supported Linux distributions are : Red Hat Linux and Debian Linux. You need to supply the credentials of the target machine for which the scan is being performed.

 

Hardware Inventory

This section of the Scan Result for a particular system, lists the inventory of the different hardware components present in the system. Some of information displayed are :

Software Inventory

This section lists all the following information :

Note :

User Groups

Windows Users List

 

This section of the Scan Result displays the list of user accounts existing in the scanned systems, and the following details about each account :

Windows Groups List

 

This section lists the Windows User Groups (namely Administrators, Backup Operators, Guests, Power users etc.) present in the systems, along with list of group members in each category and the group description.

 

Changes

This section of the Scan Result or Asset Details view displays the File Changes, Folder Changes & Registry Changes for a Windows system. A combination of files, folders or registry entries can be configured as a Change Management profile, so that Security Manager Plus can track & report changes that occur on all these entities.

 

Profiles

 

The Change Management profiles that have been associated to this Windows asset are listed. On clicking on the profile name, you will be led to the Profile configuration screen, where you can add or delete the entries under each category (file, folder or registry) for this particular profile.

 

File Changes

 

This is a tabular display of files that have been configured in the associated profile for which change detection has to be tracked during every scan. The information present in this table are:

On clicking the File name link from the above list, you get to see the values comparison chart showing the Baseline values and the Current values. From this you can understand what parameter being checked for has changed. By default, the details obtained from a file after the first scan on an asset, will be treated as the Baseline value for the different parameters.

 

Folder Changes

 

This is a tabular display of Windows folders that have been configured in the associated profile for which change detection has to be tracked during every scan. The information present in this table are:

On clicking the Folder name link from the above list, you get to see the values comparison chart showing the Baseline values and the Current values. From this you can understand what parameter being checked for has changed. By default, the details obtained from a folder after the first scan on an asset, will be treated as the Baseline value for the different parameters.

 

Registry Changes

 

This is a tabular display of Registry entries that have been configured in the associated profile for which change detection has to be tracked during every scan. The information present in this table are:

By default, the values for a Registry key after the first scan on an asset, will be treated as the Baseline value for the different parameters.

 

Setting Baseline

 

By default, the details obtained from a File or a Folder or the values for a Registry key after the first scan on an asset, will be treated as the Baseline value for various parameters being tracked. However, this can be altered at any time and a baseline can be set to be a changed value. In order to alter the baseline, you can click on the Baseline icon in the "Set as Baseline" column for the entry which has a changed status (red icon) if you think the change is appropriate. From the subsequent scans, this will be treated as the Baseline and compared against.

 

Setting baselines is applicable for every entry under each category (files, folders or registry).

 

Report Generation

To generate reports for the systems in this scan result, click on the 'Generate Report' on the top of the page and select the type of report. Visit Reports for more information.


Copyright © 2010, ZOHO Corp. All Rights Reserved.
ManageEngine