This document describes how to use the Vulnerability Management feature to manage the vulnerabilities on your servers.
Overview
Tencent Cloud CWPP allows you to perform periodic and on-demand checks on mainstream servers (Windows, Linux, etc.) for vulnerabilities. CWPP allows you to check specified servers for specified categories of vulnerabilities and ignore certain vulnerabilities. It presents information such as vulnerability risks, vulnerability characteristics, risk level, and solutions in a visualized form to help you better manage vulnerability risks on your servers.
Important Notes
The Vulnerability Management feature is available only if you have at least one server bound to a ( CWPP Pro/Ultimate) license.
The range of vulnerability management is described as follows:
|
Vulnerability scanning Applicable to Pro edition and Ultimate edition hosts. | Linux software vulnerabilities | ✓ | × |
| Windows system vulnerabilities | × | ✓ |
| Web-CMS vulnerabilities | ✓ | ✓ |
| Application vulnerabilities | ✓ | ✓ |
Exploit prevention Applicable to Ultimate edition hosts. | Linux software vulnerabilities | × | × |
| Windows system vulnerabilities | × | × |
| Web-CMS vulnerabilities | ✓ Only supports some vulnerabilities. | × |
| Application vulnerabilities | ✓ Only supports some vulnerabilities. | × |
Auto fix of vulnerabilities Applicable to Ultimate edition hosts. | Linux software vulnerabilities | ✓ Only supports some vulnerabilities. | × |
| Windows system vulnerabilities | × | × |
| Web-CMS vulnerabilities | ✓ Only supports some vulnerabilities. | ✓ Only supports some vulnerabilities. |
| Application vulnerabilities | × | × |
Due to the possibility of vulnerabilities fix affecting user business, automatic vulnerability fix is not immediately performed after detection. Users should review the vulnerabilities, click Fix , and perform data backup before proceeding with automatic fix.
Operation Guide
2. Click Vulnerability Management on the left sidebar. The fields and operations related to the feature are described as follows.
Vulnerability Scan
In the Vulnerability Scan section, you can perform a quick scan to obtain the results of the vulnerability scan, or set scheduled scans to identify and fix vulnerabilities in a timely manner.
Click Quick Scan to open the Quick Scan Settings pop-up window. You can perform a scan immediately after setting the vulnerability category, vulnerability level, scan timeout threshold, and servers covered by the scan.
Click the edit icon of Scan Settings or Scheduled Scan to open the Vulnerability Settings pop-up window and select Scheduled Scan. You can enable scheduled scan, and set scan interval, vulnerability level, and vulnerability categories, which will take effect immediately.
Click Details to view the details of the last scan. You can download the scan reports in a PDF or Excel format.
Exploit Prevention
In the Exploit prevention module, you can enable/disable the exploit prevention switch, view situations including the number of protected servers, successful prevention count, and prevention trends.
Click Protection settings to open the vulnerability settings pop-up and go to Exploit prevention . Here you can set the exploit prevention switch, view protectable vulnerabilities, select the prevention host range, and see prevention plugin details.
Click Number of Successful Defenses to view the current successfully prevented attacks and the attack details.
Vulnerability Handling
1. At the bottom of the vulnerability management page, you can view statistics of detected vulnerabilities and the detailed vulnerability list.
2. The Statistics module displays the status of vulnerability detections, the number of network attack events, today's new additions, and the total number of CWPP vulnerabilities in the database.
Field Description:
High-priority Vulnerability Fixes: This category displays hot attack vulnerabilities and severe/high-risk vulnerabilities, which need priority fixing. The default statistic shows the number of vulnerabilities to be fixed. Click Custom Definition Rules to define rules for determining high-priority vulnerabilities that need fixing.
All Vulnerabilities: The total number of detected Linux software vulnerabilities, Windows system vulnerabilities, Web-CMS vulnerabilities, and application vulnerabilities.
Affected Servers: The number of hosts with detected vulnerabilities.
Network Attack Events: The number of network attack events in the past month.
Supported Vulnerabilities: View the CWPP-supported vulnerability database. You can search up to 25 times daily, with each search displaying up to 100 results.
3. In the Vulnerability List module, the specific vulnerabilities detected are displayed, which are categorized into emergency vulnerabilities and all vulnerabilities. The two categories have no significant difference in features. The following introduces how to handle vulnerabilities to you, with All vulnerabilities as the example.
Field description:
Vulnerability Name/Tag: The detected vulnerability and the tag for the vulnerability (remote exploit, service restart, EXP exists, etc.).
Detection Method: Version comparison, and POC validation.
Vulnerability Category: Linux software vulnerabilities, Windows system vulnerabilities, Web-CMS vulnerabilities, and application vulnerabilities.
Threat Level: Critical, High, Medium, and Low.
CVSS: The score given by the Common Vulnerability Scoring System. The score ranges from 0 to 10, with 0 indicating the lowest risk and 10 the highest risk.
CVE No.: A unique number that identifies a vulnerability in the Common Vulnerabilities & Exposures library.
Last Detected: The time when the vulnerability was last detected.
Affected Servers: The number of servers where this vulnerability was detected.
Status: Pending, Fixing, Scanning, Fixed, Ignored, and Fix failed.
Auto Fix Status: Fix not supported, Auto fix (no restart required), and Auto fix (restart required).
Operation
Solution: For the vulnerabilities that cannot be automatically fixed, you can click Solution to open the vulnerability details pop-up window, and manually fix the vulnerability as described in the solution.
Auto Fix: Some Linux software vulnerabilities and Web-CMS vulnerabilities can be automatically fixed. You can click "Auto Fix" to open the vulnerability details pop-up window, and select the server to be fixed. For details, see Auto-Fixing of Vulnerabilities. Rescan: Perform a scan again for this vulnerability.
Ignore: Ignore the vulnerability. This vulnerability will no longer be scanned on the server.
Was this page helpful?