In this menu, you will be able to configure your policy for managing vulnerabilities that may appear on your network.

You can assign a detection profile to a host, network, group or address range. There are 12 pre-configured profiles by default.

The configuration of vulnerability management therefore simply consists of:

  • Linking network objects to detection profiles and
  • Deciding which recipients will receive vulnerability reports.

The Vulnerability management configuration screen comprises 2 zones:

  • A General configuration zone: it contains a checkbox for enabling the module and various items for the general configuration.
  • Advanced properties: an area for determining data lifetime and excluded objects.

The index of applications is based on the IP address of the host initiating the traffic.
A single IP address shared by several users can create a heavy load on the module. This happens for example, when an HTTP proxy, a TSE server or a router that performs dynamic NAT from the source, is used. It is therefore recommended that these shared IP addresses be placed in the exclusion list.