General configuration

Enable application and vulnerability detection

If this option is selected, vulnerability detection will be enabled and the relevant information will be visible in Stormshield Network REAL-TIME MONITOR.

REMARK

During the update (if you have purchased the license), the Vulnerability management module will be enabled by default. Alarms will be raised according to the default configuration: monitor all vulnerabilities for all internal hosts.

WARNING

Remember to update the vulnerability database in System\Active Update. Without a database that is up to date, the service may not run correctly.

Vulnerability detection relies on the analysis of network traffic. This makes it possible to detect an application and/or a flaw as soon as the user first uses the network.

Send simple reports to

Group of e-mail addresses to which summary reports will be sent.

These reports are brief and contain a summary of the vulnerabilities by product and the hosts affected.

Send detailed reports to

Group of e-mail addresses to which comprehensive reports will be sent.

Detailed reports contain a summary of vulnerabilities, as well as their detailed descriptions (family, client, possibility of remote exploitation) and a link to their references in the Stormshield Network knowledge base, which generally includes instructions regarding the bug fix to apply.

REMARK

E-mail address groups can be configured in the menu: Notifications\E-mail alerts\Recipients tab.

List of monitored network objects

The list of monitored objects is displayed in the table together with the detection profiles assigned to them.

Network object (host or group – network – address range)

Selects the network object to which monitoring applies. This object will be scanned by the Stormshield Network Vulnerability Manager engine, which will rely on the rules contained in the associated detection profile.

The type of object linked to the profile can only be a host, host group, network or address range.

WARNING

The list of monitored objects will be applied in order. This means that if a network object appears several times in this list, only the first detection profile will be applied.

REMARK

Objects can be created within the column using the button on the far right of the field in a new line.

Detection profile

Selects a profile that restricts the applications to be monitored.

When you add a new line to the table, the profile can be selected from the column's drop-down list, which appears when you click on the arrow on the right (see the Add button below).

Several actions can be performed in this table:

Add

This button allows you to add a network object and a profile associated with this object in the list of monitored objects.

By clicking on this button, a blank line will appear in the table.

Delete

Select the object-profile pair to be deleted, then click on this button.

WARNING

You will not be asked to confirm the deletion of the profile.

Move up

Allows raising the priority of the association between a network object and a profile.

Move down

Allows lowering the priority of the association between a network object and a profile.
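
The ordering rule in the WARNING above (only the first detection profile applies to an object that appears several times) can be checked offline before the table is saved. The following Python is an added example, not Stormshield code or part of the original documentation. It assumes first-match also holds when different objects overlap (a host inside an earlier network); the object names, the address notation and the function names are hypothetical.

```python
import ipaddress

# Assumption: the first matching line wins, also when different objects overlap.
def spans(obj):
    """Inclusive (first, last) integer IPv4 spans covered by an object."""
    if isinstance(obj, (list, tuple)):               # host group: all its members
        return [s for member in obj for s in spans(member)]
    if "-" in obj:                                   # address range "first-last"
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in obj.split("-"))
        return [(lo, hi)]
    net = ipaddress.ip_network(obj, strict=False)    # host (/32) or network
    return [(int(net.network_address), int(net.broadcast_address))]

def uncovered(target, earlier):
    """Pieces of the target spans that no earlier span already claims."""
    left = list(target)
    for elo, ehi in earlier:                         # cut each earlier span out
        left = [(a, b) for lo, hi in left
                for a, b in ((lo, min(hi, elo - 1)), (max(lo, ehi + 1), hi)) if a <= b]
    return left

def audit(rules):
    """Label each line: effective, partial (some addresses lost) or shadowed."""
    seen, report = [], []
    for name, obj, profile in rules:
        mine = spans(obj)
        rest = uncovered(mine, seen)                 # what this line still decides
        state = "shadowed" if not rest else "partial" if rest != mine else "effective"
        report.append((name, profile, state))
        seen += mine
    return report

def effective_profile(rules, ip):
    """First line, top to bottom, whose object contains ip (assumed first-match)."""
    addr = int(ipaddress.IPv4Address(ip))
    for name, obj, profile in rules:
        if any(lo <= addr <= hi for lo, hi in spans(obj)):
            return name, profile
    return None

# Constructed sample table; object names are hypothetical, profile names are from this page.
RULES = [
    ("web01", "192.168.10.20", "Web servers"),
    ("srv_net", "192.168.10.0/24", "Servers"),
    ("db_pool", "192.168.10.40-192.168.10.49", "Database servers (SQL)"),
    ("web01", "192.168.10.20", "All known applications"),
    ("admins", ["192.168.20.5", "192.168.10.7"], "Administration tools"),
]
```

A line reported as shadowed never takes effect in its current position: either use Move up to place it above the broader object, or delete it. A partial line is expected when a more specific object is deliberately listed first.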

 

Below is the list of profiles and vulnerability families that will be detected and reported:

SERVERS

Servers: SSH Servers – HTTP Servers / Web – Database Servers – FTP Server – Mail Servers and Operating Systems

Servers – critical flaws: SSH-Web-Apps-DB-DNS-Web Server-FTP Server-Misc-Mail Server-P2P-OS

FTP Servers

Mail servers

Web servers: web/HTTP content servers

Database servers (SQL)

CLIENT APPLICATIONS AND OPERATING SYSTEMS

Client applications and operating systems (OS)

Client applications and operating systems (OS) – critical flaws

CLIENTS

Mail client: Client, Mail (Thunderbird, Outlook, e-mail …)

Browsers and other web clients: Web clients, RSS feed readers

TOOLS

Security tools: Antivirus, Security tools and Vulnerability scanner or Network scanner

Administration tools: Administration client FTP, SSH etc.

“All known applications” profile

This profile assigns to an object (host, group, network or address range) the detection of all client/server and operating system vulnerabilities detected by Stormshield Network Vulnerability Manager.