Changes for page Schwachstellen Management
Last modified by Sabrina V. on 2026/06/12 11:40
From version 4.1
edited by Sabrina V.
on 2026/02/23 11:56
Change comment:
There is no comment for this version
To version 5.1
edited by Sabrina V.
on 2026/06/12 11:40
Change comment:
There is no comment for this version
Summary
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
- Content
... ... 
@@ -6,7 +6,7 @@ 6 6 Vulnerability Management is full integrated into ACMP and essentially goes through three steps: First, the ACMP Server must download or update the vulnerability definition file. Then, the vulnerability scanner must run on the client. Once the scan has been completed, the findings are transmitted to the ACMP Server and are available for continuing evaluation in ACMP. 7 7 The entries are summarised for you in a table, in a grid. There you will find various info about the vulnerability (CVE ID and caption), as well as the respective severity and how many clients are affected by the security vulnerability. 8 8 9 -If you see a need for action to eliminate the vulnerabilities found, you can now create dynamic containers that can then be sent to the affected clients using a [[Client Command>>doc:ACMP.6 9.ACMP-Solutions.Desktop Automation.Client Commands.Client Command erstellen.WebHome]], a [[Windows Update Collection>>doc:ACMP.69.ACMP-Solutions.Patch Management.Windows Update Management.Windows Update Collection.WebHome]] or a [[Managed Software Updates>>doc:ACMP.69.ACMP-Solutions.Patch Management.Managed Software.Managed Software verteilen.WebHome]] Alternatively, you can also send the desired action directly to the affected clients. 
The aim of vulnerability management is to identify potential security vulnerabilities so that they can be eliminated.9 +If you see a need for action to eliminate the vulnerabilities found, you can now create dynamic containers that can then be sent to the affected clients using a [[Client Command>>doc:ACMP.610.ACMP-Solutions.Desktop Automation.Client Commands.Client Command erstellen.WebHome]], a [[Windows Update Collection>>doc:ACMP.610.ACMP-Solutions.Patch Management.Windows Update Management.Windows Update Collection.WebHome]] or a [[Managed Software Updates>>doc:ACMP.610.ACMP-Solutions.Patch Management.Managed Software.Managed Software verteilen.WebHome]] Alternatively, you can also send the desired action directly to the affected clients. The aim of vulnerability management is to identify potential security vulnerabilities so that they can be eliminated. 10 10 11 11 {{box}} 12 12 **What is a vulnerability?** ... ... 
@@ -24,13 +24,13 @@ 24 24 === **Pre-Configurations:** === 25 25 26 26 |**Valid licence**|Ensure that you have a valid license for vulnerability management. You will also need this when testing the module. The license can be requested or activated via your sales representative. 27 -|**Enable vulnerability scanner**|By default, the vulnerability scanner is disabled when ACMP is started up and must therefore be enabled. The scanner should generally be enabled in the [[Agent Tasks>>doc:ACMP.6 9.ACMP-Solutions.Client-Management.Agentenplaner.WebHome]] (//Client Management// > //Agent Tasks//) so that all clients are scanned. Navigate to the console area, select the //Vulnerability Scanner// job for the //Windows// operating system, and open the start conditions by double-clicking. Tick the //Enabled //checkbox and change the start condition as required (default: start interval: once a day).28 -Alternatively, the vulnerability scanner can also be executed manually for individual Clients via the [[Query Management>>doc:ACMP.6 9.ACMP-Solutions.Client-Management.Abfrageverwaltung.WebHome]].{{aagon.warnungsbox}}Bear in mind that executing the vulnerability scanner puts a load on your systems. Therefore, set the start conditions so that the scanner is not executed at times when the load is generally high.{{/aagon.warnungsbox}}29 -|**Zugriff auf ein File Repository**|It is also necessary that the clients to be scanned for vulnerabilities have access to a [[File Repository>>doc:ACMP.6 9.ACMP-Solutions.System.Verteilte File Repositories.WebHome]] containing the content of the "vulnerability definition files". These files are responsible for detecting new security vulnerabilities in your system and synchronising the list. Also ensure that the ACMP Server is connected to the internet so that it can download the updates. 
To do this, check that the [[necessary URLs>>doc:ACMP.69.ACMP installieren.Checkliste zur Installation.WebHome]] are shared via network share so that the resources can be accessed.27 +|**Enable vulnerability scanner**|By default, the vulnerability scanner is disabled when ACMP is started up and must therefore be enabled. The scanner should generally be enabled in the [[Agent Tasks>>doc:ACMP.610.ACMP-Solutions.Client-Management.Agentenplaner.WebHome]] (//Client Management// > //Agent Tasks//) so that all clients are scanned. Navigate to the console area, select the //Vulnerability Scanner// job for the //Windows// operating system, and open the start conditions by double-clicking. Tick the //Enabled //checkbox and change the start condition as required (default: start interval: once a day). 28 +Alternatively, the vulnerability scanner can also be executed manually for individual Clients via the [[Query Management>>doc:ACMP.610.ACMP-Solutions.Client-Management.Abfrageverwaltung.WebHome]].{{aagon.warnungsbox}}Bear in mind that executing the vulnerability scanner puts a load on your systems. Therefore, set the start conditions so that the scanner is not executed at times when the load is generally high.{{/aagon.warnungsbox}} 29 +|**Zugriff auf ein File Repository**|It is also necessary that the clients to be scanned for vulnerabilities have access to a [[File Repository>>doc:ACMP.610.ACMP-Solutions.System.Verteilte File Repositories.WebHome]] containing the content of the "vulnerability definition files". These files are responsible for detecting new security vulnerabilities in your system and synchronising the list. Also ensure that the ACMP Server is connected to the internet so that it can download the updates. To do this, check that the [[necessary URLs>>doc:ACMP.610.ACMP installieren.Checkliste zur Installation.WebHome]] are shared via network share so that the resources can be accessed. 
30 30 31 31 === **Assign permissions** === 32 32 33 -To be prepared for later work in Vulnerabilities Management, you should check the user permissions in advance to ensure that they are correct. To do this, open the permissions for the respective user group or user in [[User Management>>doc:ACMP.6 9.ACMP-Solutions.System.Benutzerverwaltung.WebHome]] (//System// > //User Management//). To do this, navigate to the wizard page //"Rights// //of the// //user"// > //Security// > //Vulnerability// //Management// and tick the necessary checkboxes. In order to be able to use all functions of the plugin, you should assign full rights (e.g. to exclude vulnerabilities later or to reverse this exclusion).33 +To be prepared for later work in Vulnerabilities Management, you should check the user permissions in advance to ensure that they are correct. To do this, open the permissions for the respective user group or user in [[User Management>>doc:ACMP.610.ACMP-Solutions.System.Benutzerverwaltung.WebHome]] (//System// > //User Management//). To do this, navigate to the wizard page //"Rights// //of the// //user"// > //Security// > //Vulnerability// //Management// and tick the necessary checkboxes. In order to be able to use all functions of the plugin, you should assign full rights (e.g. to exclude vulnerabilities later or to reverse this exclusion). 34 34 35 35 [[Distribute necessary permissions for Vulnerability Management>>image:69_Schwachstellen Management_Rechtevergabe_1119.png]] 36 36 ... ... 
@@ -51,7 +51,7 @@ 51 51 * Vulnerabilities with highest score 52 52 53 53 {{box}} 54 -**Tip**: If you want to make changes to the display or positioning of the widgets, you can do so by following the corresponding [[instructions>>doc:ACMP.6 9.Arbeiten mit der ACMP Console.Aufbau der Console.Arbeitsbereich.Dashboards.WebHome]].54 +**Tip**: If you want to make changes to the display or positioning of the widgets, you can do so by following the corresponding [[instructions>>doc:ACMP.610.Arbeiten mit der ACMP Console.Aufbau der Console.Arbeitsbereich.Dashboards.WebHome]]. 55 55 {{/box}} 56 56 57 57 If the widgets have not yet been filled with dates, you may need to take the necessary precautions mentioned above. ... ... 
@@ -63,7 +63,7 @@ 63 63 |Download statistics|((( 64 64 The download statistics in Vulnerability Management provide you with info about when the last update was checked for and when the definition file was last downloaded. When finding updates, various status messages may be listed after the time (e.g. ‘OK’, ‘Latest vulnerability definition files have already been downloaded’), which may also indicate an error message. This may be the case, for example, if the server could not be reached and therefore no new file could be imported. In this case, click on //Update vulnerability definition file //in the ribbon bar again and wait for the new result. 65 65 66 -Please note that only one file will be downloaded if a new version is available. The file is updated based on the start condition specified in the [[scheduled server tasks>>doc:ACMP.6 9.ACMP-Solutions.System.Einstellungen.ACMP Server.WebHome||anchor="HGeplanteServeraufgaben"]] (//System// > //Settings //> //ACMP// //Server// > //Scheduled Server Tasks//) (Default: Start every five hours).66 +Please note that only one file will be downloaded if a new version is available. The file is updated based on the start condition specified in the [[scheduled server tasks>>doc:ACMP.610.ACMP-Solutions.System.Einstellungen.ACMP Server.WebHome||anchor="HGeplanteServeraufgaben"]] (//System// > //Settings //> //ACMP// //Server// > //Scheduled Server Tasks//) (Default: Start every five hours). 67 67 \\If you manually initiate the download during working time and the message "Latest vulnerability definition files have already been downloaded" is displayed, there have been no changes to the file and you are up to date. However, if a file is updated on the update server during the day, it will be reinstalled with the next download. 68 68 ))) 69 69 |All Clients grouped by severity|((( ... ... 
@@ -74,7 +74,7 @@ 74 74 ))) 75 75 |Vulnerabilities affecting most Clients|This widget shows the vulnerabilities that occur most frequently in the scanned environment. The results are collected according to their frequency and displayed in a table. As in the other areas of the dashboard, you can also view the details in a query. 76 76 |Vulnerabilities with highest score|((( 77 -The widget displays the vulnerabilities sorted by the highest (CVSS) rating. By default, the sorting is from high to low. The grid items can be filtered, sorted and grouped as desired (see also chapter [[Structure of a grid in ACMP>>doc:ACMP.6 9.Arbeiten mit der ACMP Console.Aufbau der Console.Arbeitsbereich.Aufbau eines Grids in ACMP.WebHome]]). Call up more info about the results via Details in //Query Display//.77 +The widget displays the vulnerabilities sorted by the highest (CVSS) rating. By default, the sorting is from high to low. The grid items can be filtered, sorted and grouped as desired (see also chapter [[Structure of a grid in ACMP>>doc:ACMP.610.Arbeiten mit der ACMP Console.Aufbau der Console.Arbeitsbereich.Aufbau eines Grids in ACMP.WebHome]]). Call up more info about the results via Details in //Query Display//. 78 78 ))) 79 79 80 80 == Properties of the fields in the Vulnerability grid == ... ... 
@@ -101,7 +101,7 @@ 101 101 |Computer Name|Returns the computer name on which the vulnerability was found. 102 102 103 103 {{box}} 104 -**Tip**: In the chapter "[[Structure of a grid in ACMP>>doc:ACMP.6 9.Arbeiten mit der ACMP Console.Aufbau der Console.Arbeitsbereich.Aufbau eines Grids in ACMP.WebHome]]", you will find general tips and advice on how to sort, filter or group items according to your preferences.104 +**Tip**: In the chapter "[[Structure of a grid in ACMP>>doc:ACMP.610.Arbeiten mit der ACMP Console.Aufbau der Console.Arbeitsbereich.Aufbau eines Grids in ACMP.WebHome]]", you will find general tips and advice on how to sort, filter or group items according to your preferences. 105 105 {{/box}} 106 106 107 107 == Weighting and severity of Vulnerabilities == ... ... 
@@ -166,13 +166,13 @@ 166 166 As long as you have not selected a client, the elements of all affected clients will be displayed. 167 167 {{/aagon.infobox}} 168 168 169 -The tab is divided into two areas: On the left, you can see the clients affected by the vulnerability. Double-click on the client to open the [[Client Details>>doc:ACMP.6 9.ACMP-Solutions.Client-Management.Abfrageverwaltung.Abfragen auswerten.WebHome||anchor="HOpenandworkwithClientDetails"]] for the Vulnerability. Alternatively, you can use the window to exclude the vulnerability locally on the selected client ([[image:1762157042989-970.png]]), so that it is listed under the //Locally excluded vulnerabilities //tab and removed from the count of affected clients.169 +The tab is divided into two areas: On the left, you can see the clients affected by the vulnerability. Double-click on the client to open the [[Client Details>>doc:ACMP.610.ACMP-Solutions.Client-Management.Abfrageverwaltung.Abfragen auswerten.WebHome||anchor="HOpenandworkwithClientDetails"]] for the Vulnerability. Alternatively, you can use the window to exclude the vulnerability locally on the selected client ([[image:1762157042989-970.png]]), so that it is listed under the //Locally excluded vulnerabilities //tab and removed from the count of affected clients. 170 170 171 171 {{aagon.infobox}} 172 172 As this is a client-based exclusion for the selected client, the exclusion appears under the "local" tab and not under the "global" tab. 173 173 {{/aagon.infobox}} 174 174 175 -In addition you can execute a Windows job on all or selected Clients ([[image:1762157042990-669.png]]) (e.g. to manually fix the Vulnerability using a previously created Client Command) or to rescan ([[image:1762157042990-817.png]]) the Windows Client (to execute an [[Agent Task or Maintenance Task>>doc:ACMP.6 9.ACMP-Solutions.Client-Management.Agentenplaner.WebHome]]). 
The affected items for all clients are listed on the right, allowing you to see at a glance the name of the item, the local path, and continuing information about the last access, type, or version number.175 +In addition you can execute a Windows job on all or selected Clients ([[image:1762157042990-669.png]]) (e.g. to manually fix the Vulnerability using a previously created Client Command) or to rescan ([[image:1762157042990-817.png]]) the Windows Client (to execute an [[Agent Task or Maintenance Task>>doc:ACMP.610.ACMP-Solutions.Client-Management.Agentenplaner.WebHome]]). The affected items for all clients are listed on the right, allowing you to see at a glance the name of the item, the local path, and continuing information about the last access, type, or version number. 176 176 ))) 177 177 178 178 == Create Container for a Vulnerability == ... ... 
@@ -179,7 +179,7 @@ 179 179 180 180 From Vulnerability Management, you can create a container for a security vulnerability directly. This can be done either via the context menu or via the action [[image:1762157557134-524.png]] //Create Container// in the ribbon bar. 181 181 182 -To create a container, you must first select a vulnerability from the grid and then click on the action. The [[wizard for adding>>doc:ACMP.6 9.ACMP-Solutions.Client-Management.Container.Container verwalten.WebHome||anchor="HManagecontainers"]] a new ACMP container opens. The main difference to the regular creation process is that the //Name //field is already filled in with the CVE ID and the vulnerability has been inserted under the //dynamic client link//. Once you have created the container, the view automatically switches to the containers (//Client Management// > //Containers//) and you will see a list of clients that fall under the vulnerability. Alternatively, you can also access it via the action [[image:1762157557134-888.png]] //Switch to Container //in the ribbon bar.182 +To create a container, you must first select a vulnerability from the grid and then click on the action. The [[wizard for adding>>doc:ACMP.610.ACMP-Solutions.Client-Management.Container.Container verwalten.WebHome||anchor="HManagecontainers"]] a new ACMP container opens. The main difference to the regular creation process is that the //Name //field is already filled in with the CVE ID and the vulnerability has been inserted under the //dynamic client link//. Once you have created the container, the view automatically switches to the containers (//Client Management// > //Containers//) and you will see a list of clients that fall under the vulnerability. Alternatively, you can also access it via the action [[image:1762157557134-888.png]] //Switch to Container //in the ribbon bar. 183 183 184 184 = Global and locally excluded Vulnerabilites = 185 185 ... ... 
@@ -233,7 +233,7 @@ 233 233 Complete the remaining wizard and specify any continuing configurations if necessary. 234 234 235 235 {{box}} 236 -General fnformation on the query base can also be found in the chapter of the same name in [[Query Management>>doc:ACMP.6 9.ACMP-Solutions.Client-Management.Abfrageverwaltung.Abfragen erstellen.Basis der Abfrage.WebHome]].236 +General fnformation on the query base can also be found in the chapter of the same name in [[Query Management>>doc:ACMP.610.ACMP-Solutions.Client-Management.Abfrageverwaltung.Abfragen erstellen.Basis der Abfrage.WebHome]]. 237 237 {{/box}} 238 238 239 239 Important information about vulnerabilities discovered on a client is stored in historical data, allowing you to track the development of your vulnerability management or retrieve this information in the event of an audit. As soon as a new vulnerability is found on a client, a new dataset is created in the history and listed below. This includes, for example, info about when the scanner first found a vulnerability (display field "First vulnerability found") and when it last detected it ("Last known finding"). For more accurate tracking, both the date and time are stored. ... ... 
@@ -259,7 +259,7 @@ 259 259 {{box}} 260 260 **How long are Vulnerability History Dates stored?** 261 261 262 -The [[server job>>doc:ACMP.6 9.ACMP-Solutions.System.Einstellungen.ACMP Server.WebHome||anchor="HGeplanteServeraufgaben"]] "Cleanup vulnerability history" is responsible for deleting deprecated history entries. The default value for deleting entries is 90 days. You can customize the number of days in the clean-up options and specify a different time period for how long the logs should be kept. To do this, click (double-click) on the scheduled server task and enter a different number of days. The server job should execute once a day.262 +The [[server job>>doc:ACMP.610.ACMP-Solutions.System.Einstellungen.ACMP Server.WebHome||anchor="HGeplanteServeraufgaben"]] "Cleanup vulnerability history" is responsible for deleting deprecated history entries. The default value for deleting entries is 90 days. You can customize the number of days in the clean-up options and specify a different time period for how long the logs should be kept. To do this, click (double-click) on the scheduled server task and enter a different number of days. The server job should execute once a day. 263 263 264 264 **Note**: The deletion time refers to the date and time specified in the ‘Closed since’ field. Only data older than the information specified here will be deleted. Vulnerabilities that are still open will not be deleted and are not affected by the server job. 265 265 {{/box}}
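Review bot: In the hunk at @@ -6,7 +6,7 @@, the rewritten paragraph still has no full stop between the closing "]]" of the Managed Software Updates link and "Alternatively, you can also send the desired action ...", so two sentences run together; add the period while this line is being touched. The same line reads "a [[Managed Software Updates>>...]]", where the singular article does not match the plural link label, and the unchanged context line above it says "is full integrated", which should be "fully integrated".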
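Review bot: In the hunk at @@ -24,13 +24,13 @@, the table row label "**Zugriff auf ein File Repository**" is still German on an otherwise English page, and this change rewrites that row without translating it; suggest "**Access to a File Repository**". In the "Assign permissions" paragraph of the same hunk, two consecutive sentences open with "To do this" and the module is called "Vulnerabilities Management" instead of "Vulnerability Management". That paragraph also recommends full rights and names exclusion as the example; since the later section states that an excluded vulnerability is removed from the count of affected clients, consider saying which checkboxes are needed for viewing and which for excluding, so that the exclusion right can be granted deliberately.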
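Review bot: In the hunk at @@ -63,7 +63,7 @@, the changed sentence "Please note that only one file will be downloaded if a new version is available" is ambiguous, because it can be read as a limit on the number of files rather than as a condition for downloading. The context line that follows ("there have been no changes to the file and you are up to date") suggests the condition is meant, so consider "a file is only downloaded if a new version is available". In the same context line, check whether "it will be reinstalled with the next download" is the intended wording for a definition file that is fetched again.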
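Review bot: In the hunk at @@ -179,7 +179,7 @@, the link label in the changed line covers only "wizard for adding", which splits the phrase "wizard for adding a new ACMP container" across the link boundary; extend the label to the whole phrase or reword to "The [[container wizard>>...]] opens". The context heading below it, "Global and locally excluded Vulnerabilites", has a typo ("Vulnerabilities") that could be fixed in the same revision.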
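Review bot: In the hunk at @@ -233,7 +233,7 @@, the changed line still begins "General fnformation"; correct it to "General information", since the line is being rewritten for the link target anyway.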
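Review bot: In the hunk at @@ -259,7 +259,7 @@, the changed line uses two different terms for the same records, "history entries" and "logs", and calls the entries "deprecated" although the note below defines them purely by age relative to the 'Closed since' field; use "history entries" throughout and a word such as "outdated". "click (double-click)" can be reduced to "double-click". Because the preceding section presents the history as material for audits, it would help to state in this sentence, not only in the note, that the 90-day default counts from 'Closed since' and that open vulnerabilities are never deleted.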

