UpGuard's vulnerability scanner uses definitions written in the Open Vulnerability and Assessment Language (OVAL). OVAL is an open standard, and the definitions are maintained by several groups, including Microsoft, Linux distribution owners, and the Center for Internet Security.

Finding Vulnerabilities

To begin using the vulnerability scanner, you first need to add your nodes to UpGuard. After UpGuard has successfully scanned a node, you can proceed to scan it for vulnerabilities.

  1. Navigate to the node detail page.
  2. Click the dropdown arrow next to the green Scan button and click Vulnerability Scan.


  3. Before beginning the scan you have the option to limit the recency and severity of the vulnerability definitions used. This feature is simply for convenience - running all vulnerability checks can take a few minutes on certain systems and focusing the scan makes it faster.
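To show what a severity and recency limit means at the level of the OVAL definitions themselves, here is an added example; it is not UpGuard's code and the page does not describe how UpGuard implements the filter. It assumes the vendor-style `<advisory>` metadata (`<severity>`, `<issued date="…">`) that Red Hat publishes in its OVAL feeds; the function name `select_definitions` and the sample feed are made up for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import date

NS = {"o": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}
RANK = {"low": 1, "moderate": 2, "important": 3, "critical": 4}

# Constructed sample feed: ids, titles and dates are made up for illustration.
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
 <definitions>
  <definition id="oval:com.example:def:1" class="vulnerability" version="1"><metadata>
   <title>Example overflow</title>
   <advisory><severity>Critical</severity><issued date="2024-03-01"/></advisory>
  </metadata></definition>
  <definition id="oval:com.example:def:2" class="vulnerability" version="1"><metadata>
   <title>Example info leak</title>
   <advisory><severity>Low</severity><issued date="2024-04-10"/></advisory>
  </metadata></definition>
  <definition id="oval:com.example:def:3" class="patch" version="1"><metadata>
   <title>Example old advisory</title>
   <advisory><severity>Important</severity><issued date="2019-06-15"/></advisory>
  </metadata></definition>
  <definition id="oval:com.example:def:4" class="vulnerability" version="1"><metadata>
   <title>Example with no advisory block</title>
  </metadata></definition>
  <definition id="oval:com.example:def:5" class="inventory" version="1"><metadata>
   <title>Example platform check</title>
  </metadata></definition>
 </definitions>
</oval_definitions>"""

def select_definitions(xml_text, min_severity, issued_since):
    """Return (selected_ids, unrated_ids) for vulnerability/patch definitions."""
    # xml.etree is fine for this inline sample; use defusedxml for untrusted feeds.
    root = ET.fromstring(xml_text)
    floor, selected, unrated = RANK[min_severity.lower()], [], []
    for d in root.iterfind("o:definitions/o:definition", NS):
        if d.get("class") not in ("vulnerability", "patch"):
            continue  # inventory/compliance definitions are not vulnerability checks
        adv = d.find("o:metadata/o:advisory", NS)
        sev = (adv.findtext("o:severity", "", NS) if adv is not None else "").strip().lower()
        issued = adv.find("o:issued", NS) if adv is not None else None
        if sev not in RANK or issued is None or not issued.get("date"):
            unrated.append(d.get("id"))  # cannot be filtered: report it, never drop it silently
        elif RANK[sev] >= floor and date.fromisoformat(issued.get("date")) >= issued_since:
            selected.append(d.get("id"))
    return selected, unrated

if __name__ == "__main__":
    print(select_definitions(SAMPLE, "important", date(2023, 1, 1)))
```

Definitions without severity or issue-date metadata are returned separately, so a narrowed scan makes it visible which checks could not be classified. Reporting them instead of dropping them is a design choice of this example.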


Understanding the Results

After a scan completes, the vulnerabilities are interleaved with the scan results according to the kind of item they are associated with (files, packages, registry keys, etc.). Clicking on a vulnerability in one of the configuration item sections shows the item information and its associated vulnerability. Clicking on a vulnerability in the “Vulnerability” section shows the details of the vulnerability itself. The information is essentially the same in both places, but one view prioritizes which file, package, or other item is at fault and the other prioritizes the vulnerability definition.

Why include this redundancy? There is often a one-to-many mapping between items and vulnerabilities in both directions: a single vulnerability definition can touch several items, and a single item can have multiple vulnerabilities filed against it. This presentation lets you see how your configuration state results in your security risks.


Scheduled Vulnerability Scanning

To regularly run vulnerability scans across multiple nodes, go to the Scheduled Jobs page. Here you can create a job with the same configurable parameters as above (severity, recency) and the interval at which the job runs.
