Table of Contents
Advertisement
Chapter 12: Interpreting Scan Results
Viewing Vulnerabilities by Detail
Introduction
Benefits
Field descriptions
176
You can examine event details that may be related to an attack or that you consider
unusual.
You analyze event data to evaluate the effectiveness of your system's security and to
investigate any suspicious activity. You can analyze event data in several ways:
examine events affecting specific agents, hosts, and groups
●
review high-level results and trends for groups or Sites. This method is particularly
●
useful for printing or distributing reports about network and host security status
The following table describes the fields and descriptions for this vulnerability view:
Field
Tag Name
Severity
Status
Target IP
Agent DNS Name
Object Type
Object Name
User Name
Source Port
algorithm-id
Table 63: Vulnerability analysis–detail fields
Description
Use this filter to display or suppress events that match one or
more tag names. You can filter on tag names from the Site
database or on user-defined tag names.
Use this filter to display events according to their level of severity.
You use the Status filter differently for events and vulnerabilities.
•
Events: The Status column indicates the impact of the event.
•
Vulnerabilities: The Status column indicates whether the
vulnerability was found.
Use this filter to show only the statuses that interest you.
Use this filter to monitor a specific IP address that you suspect is
the target of attacks. The IP address can be either internal or
external. This information is typically modified for you as you
explore event data.
•
If you do not know the exact IP address, use the options in the
Operation list to request IP addresses when you do not the
exact one to request.
•
If you only know the IP address you do not want to see, you
can exclude one or more IP addresses.
Use this filter to display or suppress events that match the Domain
Name Service (DNS) name of a host computer where a agent is
installed.
Use this filter to analyze a specific type of object that you suspect
is the target of attacks.
Use this filter to see events involving a specific object according to
the object's name.
Use this filter to display or suppress events that match the User
Name, if any, associated with an event.
The port on which the vulnerability was detected.
This is a check id used by IBM ISS to identify the check.
IBM Internet Security Systems
Advertisement
Table of Contents
