In this menu, you will be able to configure your policy for managing vulnerabilities that may appear on your network.
You can assign a detection profile to a host, network, group or address range. There are 12 pre-configured profiles by default.
The configuration of vulnerability management therefore simply consists of:
- Linking network objects to detection profiles and
- Deciding which recipients will receive vulnerability reports.
The Vulnerability management configuration screen comprises 2 zones:
- A General configuration zone: it contains a checkbox for enabling the module and various items for the general configuration.
- Advanced properties: an area for determining data lifetime and excluded objects.
The index of applications is based on the IP address of the host initiating the traffic.
A single IP address shared by several users can create a heavy load on the module. This happens for example, when an HTTP proxy, a TSE server or a router that performs dynamic NAT from the source, is used. It is therefore recommended that these shared IP addresses be placed in the exclusion list.