Changes for page Schwachstellen Management

Summary

• Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

...	...	@@ -15,7 +15,7 @@
15	15
16	16	== Strucuture of Vulnerability Management ==
17	17
18		-The //Vulnerability Management// plugin consists of various tabs, starting with the dashboard, where you can view relevant information about vulnerabilities in your company in a clearly summarised form (see "The Dashboard in Vulnerability Management"). The //[[detected Vulnerabilities>>doc:||anchor="HEntdeckteSchwachstellen"]] //tab lists all security vulnerabilities that have been discovered on at least one client in your environment. Under [[globally excluded Vulnerabilities>>doc:||anchor="HGlobalundlokalausgeschlosseneSchwachstellen"]], you will find vulnerabilities that have been excluded globally (for all known findings and possible future ones). This affects the entire vulnerability. [[Locally excluded Vulnerabilities>>doc:||anchor="HGlobalundlokalausgeschlosseneSchwachstellen"]] are only explicitly excluded for the selected clients and not for all of them.
	18	+The //Vulnerability Management// plugin consists of various tabs, starting with the dashboard, where you can view relevant information about vulnerabilities in your company in a clearly summarised form (see "The Dashboard in Vulnerability Management"). The //[[detected Vulnerabilities>>doc:||anchor="HDetectedVulnerabilities"]] //tab lists all security vulnerabilities that have been discovered on at least one client in your environment. Under [[globally excluded Vulnerabilities>>doc:||anchor="HGlobalandlocallyexcludedVulnerabilites"]], you will find vulnerabilities that have been excluded globally (for all known findings and possible future ones). This affects the entire vulnerability. [[Locally excluded Vulnerabilities>>doc:||anchor="HGlobalandlocallyexcludedVulnerabilites"]] are only explicitly excluded for the selected clients and not for all of them.
19	19
20	20	== Preparations for Vulnerability Management ==
21	21
...	...	@@ -67,7 +67,7 @@
67	67	\\If you manually initiate the download during working time and the message "Latest vulnerability definition files have already been downloaded" is displayed, there have been no changes to the file and you are up to date. However, if a file is updated on the update server during the day, it will be reinstalled with the next download.
68	68	)))
69	69	|All Clients grouped by severity|(((
70		-This widget displays all clients, group by the severity levels found. You can view this information in detail in a query. The widget itself presents the results in the form of a pie chart. The adjacent legend uses colours to indicate the highest security vulnerability found on the client and its weighting (see also "[[Weighting and severity of Vulnerabilities>>doc:||anchor="HGewichtungundSchweregradvonSchwachstellen"]]").
	70	+This widget displays all clients, group by the severity levels found. You can view this information in detail in a query. The widget itself presents the results in the form of a pie chart. The adjacent legend uses colours to indicate the highest security vulnerability found on the client and its weighting (see also "[[Weighting and severity of Vulnerabilities>>doc:||anchor="HWeightingandseverityofVulnerabilities"]]").
71	71	)))
72	72	|Clients with most vulnerabilities|(((
73	73	The widget displays the clients with the most vulnerabilities. If you would like more information and details, you can click on //Display details in query// in the lower right corner. The query opens in a new window. If you click on the client in the bar chart, you can also display the individual client details from there. There, in the //Discovered Vulnerabilities //tab, you will see the individually listed vulnerabilities, including all details.
...	...	@@ -74,7 +74,7 @@
74	74	)))
75	75	|Vulnerabilities affecting most Clients|This widget shows the vulnerabilities that occur most frequently in the scanned environment. The results are collected according to their frequency and displayed in a table. As in the other areas of the dashboard, you can also view the details in a query.
76	76	|Vulnerabilities with highest score|(((
77		-The widget displays the vulnerabilities sorted by the highest (CVSS) rating. By default, the sorting is from high to low. The grid items can be filtered, sorted and grouped as desired (see also chapter [[Setting up a grid in ACMP>>doc:ACMP.69.Arbeiten mit der ACMP Console.Aufbau der Console.Arbeitsbereich.Aufbau eines Grids in ACMP.WebHome]]). Call up more info about the results via Details in //Query Display//.
	77	+The widget displays the vulnerabilities sorted by the highest (CVSS) rating. By default, the sorting is from high to low. The grid items can be filtered, sorted and grouped as desired (see also chapter [[Structure of a grid in ACMP>>doc:ACMP.69.Arbeiten mit der ACMP Console.Aufbau der Console.Arbeitsbereich.Aufbau eines Grids in ACMP.WebHome]]). Call up more info about the results via Details in //Query Display//.
78	78	)))
79	79
80	80	== Properties of the fields in the Vulnerability grid ==
...	...	@@ -82,7 +82,7 @@
82	82	Below you will find explanations and meanings for the fields that provide a summary of the information in the vulnerability grid.
83	83
84	84	{{aagon.infobox}}
85		-Please note that the availability of the properties depends on which tab you are in (for example, ‘Vulnerability Exclusion Description’ and ‘Vulnerability Exclusion Creation of’ are only available in the global/local excluded vulnerabilities tabs and not under detected vulnerabilities).
	85	+Please note that the availability of the properties depends on which tab you are in (for example, "Vulnerability Exclusion Description" and "Vulnerability Exclusion Creation of" are only available in the global/local excluded vulnerabilities tabs and not under detected vulnerabilities).
86	86	{{/aagon.infobox}}
87	87
88	88	|**Properties**|**Description**
...	...	@@ -149,9 +149,9 @@
149	149
150	150	[[Example of a selected vulnerability in the Discovered Vulnerabilities tab>>image:69_Schwachstellen Management_Entdeckte Schwachstellen_131.png]]
151	151
152		-Actions can be conveniently executed via the ribbon bar or from the context menu. Here you can decide, for example, whether to exclude a security vulnerability globally or locally. An exclusion is used to remove irrelevant vulnerabilities from the count. Global exclusions apply to all known and possible future findings of a vulnerability (all clients), while local exclusions only apply to the selected clients. Select the desired number of vulnerabilities in the grid and select the respective button for a global ([[image:1762157012971-571.png]]) or local ([[image:1762157012971-207.png]]) exclusion of the vulnerability and enter a reason for the exclusion. Refresh ([[image:1762157012971-547.png]]) the current view of the discovered vulnerabilities or create a container for the selected vulnerability directly from the window ([[image:1762157012971-618.png]]). The action //Add selected vulnerabilities to an existing container //also allows you to add selected vulnerabilities to an existing container. If you have already created a container for a vulnerability, you can navigate to it using the [[image:1762157012972-692.png]] //Switch to Container// button; otherwise the button will be greyed out.
	152	+Actions can be conveniently executed via the ribbon bar or from the context menu. Here you can decide, for example, whether to exclude a security vulnerability globally or locally. An exclusion is used to remove irrelevant vulnerabilities from the count. Global exclusions apply to all known and possible future findings of a vulnerability (all clients), while local exclusions only apply to the selected clients. Select the desired number of vulnerabilities in the grid and select the respective button for a global ([[image:1762157012971-571.png]]) or local ([[image:1762157012971-207.png]]) exclusion of the vulnerability and enter a reason for the exclusion. Refresh ([[image:1762157012971-547.png]]) the current view of the discovered vulnerabilities or create a container for the selected vulnerability directly from the window ([[image:1762157012971-618.png]]). The action //Add selected vulnerabilities to an existing container //also allows you to add selected vulnerabilities to an existing container. If you have already created a container for a vulnerability, you can navigate to it using the [[image:1762157012972-692.png]] //Switch to Container// button; otherwise the button will be greyed out. You can also attach the selected vulnerability directly to the container using the //[[image:Schwachstelle dem Container hinzufügen Icon.png||height="21" width="19"]]Add vulnerability to container //action.
153	153
154		-The grid contains various details about the vulnerabilities detected, providing you with initial notes on the severity, the affected Clients and the time when the vulnerability was detected. A detailed list of the properties of the fields in the grid can be found [[here>>doc:||anchor="HEigenschaftenderFelderimSchwachstellenGrid"]].
	154	+The grid contains various details about the vulnerabilities detected, providing you with initial notes on the severity, the affected Clients and the time when the vulnerability was detected. A detailed list of the properties of the fields in the grid can be found [[here>>doc:||anchor="HPropertiesofthefieldsintheVulnerabilitygrid"]].
155	155
156	156	At the bottom, you will find three more tabs with detailed information about the selected vulnerability: //General//, //Affected Products//, and //Affected Elements//.
157	157
...	...	@@ -166,7 +166,7 @@
166	166	As long as you have not selected a client, the elements of all affected clients will be displayed.
167	167	{{/aagon.infobox}}
168	168
169		-The tab is divided into two areas: On the left, you can see the clients affected by the vulnerability. Double-click on the client to open the [[Client Details>>doc:ACMP.69.ACMP-Solutions.Client-Management.Abfrageverwaltung.Abfragen auswerten.WebHome]] for the Vulnerability. Alternatively, you can use the window to exclude the vulnerability locally on the selected client ([[image:1762157042989-970.png]]), so that it is listed under the //Locally excluded vulnerabilities //tab and removed from the count of affected clients.
	169	+The tab is divided into two areas: On the left, you can see the clients affected by the vulnerability. Double-click on the client to open the [[Client Details>>doc:ACMP.69.ACMP-Solutions.Client-Management.Abfrageverwaltung.Abfragen auswerten.WebHome||anchor="HOpenandworkwithClientDetails"]] for the Vulnerability. Alternatively, you can use the window to exclude the vulnerability locally on the selected client ([[image:1762157042989-970.png]]), so that it is listed under the //Locally excluded vulnerabilities //tab and removed from the count of affected clients.
170	170
171	171	{{aagon.infobox}}
172	172	As this is a client-based exclusion for the selected client, the exclusion appears under the "local" tab and not under the "global" tab.
...	...	@@ -179,12 +179,12 @@
179	179
180	180	From Vulnerability Management, you can create a container for a security vulnerability directly. This can be done either via the context menu or via the action [[image:1762157557134-524.png]] //Create Container// in the ribbon bar.
181	181
182		-To create a container, you must first select a vulnerability from the grid and then click on the action. The [[wizard for adding>>doc:ACMP.69.ACMP-Solutions.Client-Management.Container.Container verwalten.WebHome||anchor="HContainererstellen"]] a new ACMP container opens. The main difference to the regular creation process is that the //Name //field is already filled in with the CVE ID and the vulnerability has been inserted under the //dynamic client link//. Once you have created the container, the view automatically switches to the containers (//Client Management// > //Containers//) and you will see a list of clients that fall under the vulnerability. Alternatively, you can also access it via the action [[image:1762157557134-888.png]] //Switch to Container //in the ribbon bar.
	182	+To create a container, you must first select a vulnerability from the grid and then click on the action. The [[wizard for adding>>doc:ACMP.69.ACMP-Solutions.Client-Management.Container.Container verwalten.WebHome||anchor="HManagecontainers"]] a new ACMP container opens. The main difference to the regular creation process is that the //Name //field is already filled in with the CVE ID and the vulnerability has been inserted under the //dynamic client link//. Once you have created the container, the view automatically switches to the containers (//Client Management// > //Containers//) and you will see a list of clients that fall under the vulnerability. Alternatively, you can also access it via the action [[image:1762157557134-888.png]] //Switch to Container //in the ribbon bar.
183	183
184	184	= Global and locally excluded Vulnerabilites =
185	185
186	186	{{aagon.infobox}}
187		-Please note that you must have the necessary permissions to exclude Vulnerabilities (see "[[Preparation for working with Vulnerabilitiy Management>>doc:||anchor="HVorbereitungenfFCrdieArbeitenimSchwachstellenManagement"]]").
	187	+Please note that you must have the necessary permissions to exclude Vulnerabilities (see "[[Preparation for working with Vulnerabilitiy Management>>doc:||anchor="HPreparationsforVulnerabilityManagement"]]").
188	188	{{/aagon.infobox}}
189	189
190	190	You can specify global and locally excluded Vulnerabilities by clicking either //global //([[image:1762157671398-337.png]])// //or //exclude locally //([[image:1762157671399-248.png]]) under //Detected Vulernabilities //in the ribbon bar. The process for both types of exclusion is identical: Select the vulnerability or vulnerabilities you want to exclude in the grid and click the corresponding button. Enter a reason for the exclusion and confirm the window with //Yes//. You can then see the reason for the exclusion in the grid field in the other tabs (global or local).
...	...	@@ -241,35 +241,32 @@
241	241	The properties of the fields found here can be found in the following table.
242	242
243	243	|**Property**|**Description**
244		-|Erster Fund der Schwachstelle|Der erste Fund der Schwachstelle gibt das Datum und die Uhrzeit wieder, an dem der Scanner zum ersten Mal die Schwachstelle auf dem Client gefunden hat und wann der Datensatz zu der Sicherheitslücke erstellt wurde.
245		-|Letzter bekannter Fund|(((
246		-Es wird das Datum und die Uhrzeit festgehalten, an dem der Scanner das letzte Mal den Fund gemeldet hat.
	244	+|First discovery of the Vulnerability|The first discovery of the vulnerability reflects the date and time when the scanner first found the vulnerability on the client and when the dataset for the vulnerability was created.
	245	+|Last known discovery|The date and time when the scanner last reported the finding is recorded.
	246	+Please note that the time information in this field may change repeatedly, as it is updated each time the scanner rescans the finding. If a client is scanned and the security vulnerability is no longer found, the vulnerability on the client is considered closed (see also the ‘Closed since’ property).
	247	+|Closed since|The entry ‘Closed since’ refers to when a vulnerability was no longer found during a subsequent scan and was therefore given the status ‘Closed’. If a vulnerability is given a time stamp in this property, it is considered closed. If the same vulnerability occurs again at a different time, a new dataset is created with a new ‘first discovery of vulnerability’ date. This allows you to see whether a security vulnerability occurs multiple times.
	248	+|CVE ID|The CVE ID is a globally assigned identifier for a security vulnerability. It consists of the prefix ‘CVE’, the year in which the vulnerability was discovered, and the identification number, which stands for the sequential identifier (e.g. ‘CVE-2024-4450’).
	249	+|Vulnerabilities Description|The description summarises general fnformation about the vulnerability.
	250	+|Vulnerabilities Caption|The designation indicates the official name of the vulnerability. Often, the affected versions are also listed there, as well as the CVE ID again.
	251	+|Exclusion created by|The creator (ACMP username) who excluded the vulnerability is specified.
	252	+|Date of exclusion|The time of exclusion (date and time) at which the exclusion was created is recorded.
	253	+|CVSS Severity|The severity is classified into four categories of vulnerability: ‘Critical’, ‘High’, “Medium” or ‘Low’.
247	247
248		-Beachten Sie, dass sich die Zeitangaben zu diesem Feld immer wieder ändern können, denn jedes Mal, wenn der Scanner den Fund erneut scannt, wird er aktualisiert. Denn sollte ein Client gescannt werden und die Sicherheitslücke wird dann nicht mehr gefunden, gilt die Schwachstelle auf dem Client als geschlossen (siehe auch die Eigenschaft „Geschlossen seit“).
249		-)))
250		-|Geschlossen seit|Die Angabe „Geschlossen seit“ bezieht sich darauf, wann eine Schwachstelle beim erneuten Scan nicht mehr gefunden wurde und damit den Status „Geschlossen“ bekommt. Erhält eine Schwachstelle in dieser Eigenschaft eine Zeitangabe, gilt diese als geschlossen. Sollte die gleiche Schwachstelle zu einem anderen Zeitpunkt nochmal auftreten, wird ein neuer Datensatz erstellt mit einem neuen „erster Fund der Schwachstelle“-Datum. Hierdurch kann eingesehen werden, ob eine Sicherheitslücke mehrfach auftritt.
251		-|CVE ID|Die CVE ID ist eine global vergebene Kennung einer Sicherheitslücke. Diese setzt sich aus dem Präfix „CVE“, dem Jahr, in dem die Sicherheitslücke entdeckt wurde, sowie der Identifikationsnummer zusammen, die für die sequenzielle Kennung steht (z.B. „CVE-2024-4450“).
252		-|Schwachstellen Beschreibung|Die Beschreibung fasst allgemeine Informationen zu der Schwachstelle zusammen.
253		-|Schwachstellen Bezeichnung|Die Bezeichnung gibt die offizielle Nennung der Schwachstelle an. Oftmals sind dort auch die betroffenen Versionen gelistet sowie nochmals die CVE ID.
254		-|Ausschluss erstellt von|Es wird der Ersteller (ACMP Benutzername), der die Schwachstelle ausgeschlossen hat, angegeben.
255		-|Zeitpunkt des Ausschlusses|Es wird der Zeitpunkt des Ausschlusses (Datum und Uhrzeit) festgehalten, an dem der Ausschluss erstellt wurde.
256		-|CVSS Schweregrad|Der Schweregrad wird in vier Kategorien der Schwachstelle eingeordnet: „Kritisch“, „Hoch“, „Mittel“ oder „Niedrig“.
257	257
258	258
	257	+[[Insight into the history of vulnerabilities>>image:Screenshot 2025-10-28 121918.png]]
259	259
260		-[[Einsicht in die Schwachstellen Historie>>image:Screenshot 2025-10-28 121918.png]]
261		-
262	262	{{box}}
263		-**Wie lange werden die Daten der Schwachstellen Historie gespeichert?**
	260	+**How long are Vulnerability History Dates stored?**
264	264
265		-Der [[Serverjob>>doc:ACMP.69.ACMP-Solutions.System.Einstellungen.ACMP Server.WebHome||anchor="HGeplanteServeraufgaben"]] "Bereinigung der Schwachstellen Historie" ist für das Löschen veralteter Historie Einträge verantwortlich. Der Standardwert, nach dem die Einträge gelöscht werden, beträgt 90 Tage. Sie können die Anzahl der Tage unter den Aufräumoptionen anpassen und eine andere Zeitspanne angeben, wie lange die Logs aufbewahrt werden sollen. Klicken Sie dafür per Doppelklick auf die geplante Serveraufgabe und geben Sie eine andere Anzahl an Tagen an. Der Serverjob wird einmal täglich ausgeführt.
	262	+The [[server job>>doc:ACMP.69.ACMP-Solutions.System.Einstellungen.ACMP Server.WebHome||anchor="HGeplanteServeraufgaben"]] "Cleanup vulnerability history" is responsible for deleting deprecated history entries. The default value for deleting entries is 90 days. You can customize the number of days in the clean-up options and specify a different time period for how long the logs should be kept. To do this, click (double-click) on the scheduled server task and enter a different number of days. The server job should execute once a day.
266	266
267		-**Hinweis**: Der Löschzeitpunkt bezieht sich auf die Datums- und Zeitangabe des Feldes „Geschlossen seit“. Es werden nur die Daten gelöscht, die älter als die Angaben hier sind. Schwachstellen, die noch offen sind, werden nicht gelöscht und sind nicht von dem Serverjob betroffen.
	264	+**Note**: The deletion time refers to the date and time specified in the ‘Closed since’ field. Only data older than the information specified here will be deleted. Vulnerabilities that are still open will not be deleted and are not affected by the server job.
268	268	{{/box}}
269	269
270	270	{{aagon.infobox}}
271		-Folgende Faktoren können dazu führen, dass in der Historie unter Umständen viele Datensätze gespeichert werden:
272		-- Anzahl der Tage, wann veraltete Einträge gelöscht werden sollen
273		-- Anzahl der Clients, die verwaltet werden
274		-- Anzahl der Schwachstellen, die auf den Clients entdeckt werden oder vielleicht sogar immer wieder auftreten.
	268	+The following factors may result in a large number of data records being stored in the history:
	269	+- Number of days after which outdated entries are to be deleted
	270	+- Number of clients being managed
	271	+- Number of vulnerabilities detected on the clients or which may even occur repeatedly.
275	275	{{/aagon.infobox}}