tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Workload Protection Platform
    Documentation
    Download PDF

    Auto Fix of Vulnerabilities

    Last updated: 2023-12-26 16:39:51
    Download PDF
      This topic describes the best practices for automatically fixing vulnerabilities.
      Note:
      Auto-fixing of vulnerabilities may involve executing commands on your servers, which may affect running applications or core system components, and restarting applications or operating systems, which may affect your business continuity. For servers that are used for your core business, we recommend that you take the impact into full consideration when planning which vulnerabilities to fix and in what order to do so.

      Limitations

      Supported servers: CVM Ultimate on which CWPP is online.
      Supported vulnerabilities: Linux software vulnerabilities (some) and Web-CMS vulnerabilities (some).

      Operation Guide

      1. Log in to the CWPP Console and click Vulnerability Management in the left navigation pane. Then the list of detected vulnerabilities is shown at the bottom.
      2. The vulnerabilities in the Vulnerability List are categorized as Urgent Vulnerabilities, Critical Vulnerabilities, and All Vulnerabilities, which are discovered vulnerabilities that are not obviously different from each other in terms of functionality. The steps for fixing vulnerabilities automatically are described below using All Vulnerabilities as an example.
      Note:
      Priorities: Urgent vulnerabilities > Critical vulnerabilities > All vulnerabilities.
      For vulnerabilities that can be automatically fixed, Auto Fix is shown in the operation column; for vulnerabilities that cannot be automatically fixed, Fix Scheme is shown in the column.
      

      Step 1: View vulnerability details

      Click Auto Fixi to open the vulnerability details pop-up window.
      

      Step 2: Select the servers for which you want to fix vulnerabilities automatically.

      Select the target servers in the affected server list, and click Fix to open the confirmation pop-up window.
      
      

      Step 3: Choose whether to create snapshots

      Click Confirm to open the fix method configuration pop-up window, and select the fix method: Fix and Automatically Create Snapshots, or Fix Without Creating Snapshots
      
      
      Fix and Automatically Create Snapshots: You can set the snapshot name and snapshot storage duration (3 days, 7 days, or 15 days). It is recommended to set the duration to 7 days so that the snapshots can be rolled back in time if necessary.
      Fix Without Creating Snapshots: If snapshots have been created for all the servers selected for fixing vulnerabilities on the current day, this item becomes optional.

      Step 4: Fix vulnerabilities

      Click Confirm to start fixing the vulnerabilities. You can keep track of the process.
      
      

      Step 5: Check the server status changes

      Return to Vulnerability Details to check the server status changes. If vulnerability fixing fails, the status is "Fixing Failed"; if vulnerability fixing is successful, the status changes to "Fixed".
      
      
      After the vulnerabilities are fixed, if your business is greatly affected, click Rollback to go to CVMs > Snapshot List, and then select the snapshots created before the fixing to roll back them. After the rollback is successful, restart the servers to scan the vulnerabilities again.
      After the vulnerabilities are fixed, perform a Rescan to verify whether the vulnerabilities have been fixed.
      You can also click "Fix Details" to view the details of fixing.
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy