General configuration
| Enable application and vulnerability detection | If this option is selected, vulnerability detection will be enabled and the relevant information will be visible in Monitoring > Monitoring > Hosts module. Note that during the update (if you have purchased the license), the Vulnerability management module will be enabled by default. Alarms will be raised according to the default configuration: monitor all vulnerabilities for all internal hosts. Remember to update the vulnerability database in System > Active Update. Without a database that is up to date, the service may not run correctly. Vulnerability detection relies on the analysis of network traffic. This allows detecting an application and / or a flaw, from the moment the user first uses the network. |
| Send simple reports to | Group of e-mail addresses to which summary reports will be sent. These reports are brief and contain a summary of the vulnerabilities by product and the hosts affected. |
| Send detailed reports to | Group of e-mail addresses to which comprehensive reports will be sent. Detailed reports contain a summary of vulnerabilities, as well as their detailed descriptions (family, client, possibility of remote exploitation) and a link to their references in the Stormshield Network knowledge base, which generally includes instructions regarding the bug fix to apply. |
REMARK
E-mail address groups can be configured in the menu: Notifications > E-mail alerts > Recipients tab.
List of monitored network objects
The list of monitored objects is displayed in the table together with the detection profiles assigned to them.
| Network object (host or group – network – address range) | Selects the network object to which monitoring applies. This object will be scanned by the Stormshield Network Vulnerability Manager engine which will rely on the rules contained in the associated detection profile. The type of object linked to the profile can only be a host, host group, network or address range. The list of monitored objects will be applied in order. This means that if a network object appears several times in this list, only the first detection profile will be applied. Objects can be created within the column using the button on the far right of the field in a new line. |
| Detection profile | Allows selecting a profile to restrict the applications to be monitored. The profile can be selected in the drop-down list of the column, which appears by clicking on the arrow on the right, when you add a new line to the table (See Add button below). |
Several actions can be performed in this table:
| Add | This button allows you to add a network object and a profile associated with this object in the list of monitored objects. By clicking on this button, a blank line will appear in the table. |
| Delete | Select the object-profile pair to be deleted, then click on this button. Warning : you will not be asked to confirm the deletion of the profile. |
| Move up | Allows raising the priority of the association between a network object and a profile. |
| Move down | Allows lowering the priority of the association between a network object and a profile. |
Below is the list of profiles and vulnerability families that will be detected and reported:
| SERVERS | CLIENT APPLICATIONS AND OPERATING SYSTEMS | CLIENTS | TOOLS |
| Servers: SSH Servers –HTTP Servers / Web – Database Servers – FTP Server – Mail Servers and Operating Systems Servers – critical flaws: SSH-Web-Apps-DB-DNS-Web Server-FTP Server-Misc-Mail Server-P2P-OS |
Client applications and operating systems (OS) Client applications and operating systems (OS) – critical flaws
|
Mail client: Client, Mail (Thunderbird, Outlook, e-mail …) | Security tools: Antivirus, Security tools and Vulnerability scanner or Network scanner |
| FTP Servers | Browsers and other web clients: Web clients, RSS feed readers | Administration tools: Administration client FTP, SSH etc. | |
| Mail servers | |||
| Web servers: web/HTTP content servers | |||
| Database servers (SQL) |
“All known applications” profile
This profile allows assigning to an object (host, group, network or address range), the detection of all client / server and operating system vulnerabilities detected by the Stormshield Network Vulnerability Manager.