Skip to content

Overview

Vulnerability Manager

Vulnerability Assessment Module: CYBERQUEST integrates with OpenVAS (https://www.openvas.org/), a comprehensive vulnerability scanner that provides detailed security assessments.

The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates.

Vulnerability Manager can be accessed from Web Interface by navigating to Settings > Management > Vulnerability Manager. Vulnerability Manager page opens, listing defined sections:

Alt Image

Targets

To initiate scanning, target hosts must first be defined in the Vulnerability Manager.

If the list of hosts is empty, the command must also include a target locator.

  • Edit targets: Modify existing target configurations by clicking the edit icon.
  • Delete targets: Remove targets using the delete icon. As this action is irreversible, the system will prompt for confirmation before proceeding.

To create a new scan target, click Alt Image to open the configuration window:

Alt Image

Name: Enter a unique name to identify the scan target.

Comment: Provide an optional comment to document details or notes about the target.

Hosts: Provide the list of hosts to be scanned. This required field supports comma-separated values, hyphenated ranges, or CIDR notation for specifying IP addresses or hostnames.

Exclude Hosts: Specify hosts to be excluded from scanning. In addition, two options are available:

  • Reverse Lookup Only: Enables reverse DNS lookups for the specified exclusions.
  • Reverse Lookup Unify: Normalizes and groups reverse lookup results during exclusion processing.

SSH Credentials: Select the SSH credentials for authenticating with the target hosts.

SSH Port: Define the port to be used for SSH connections to the target hosts (default is 22).

SMB Credentials: Select the credentials used to authenticate to SMB services on the target hosts.

Port Lists: Choose from predefined port scan profiles, like as:

  • All IANA assigned TCP
  • All IANA assigned TCP and UDP
  • All TCP and Nmap top 100 UDP

ESXI Credentials: Select the credentials used to authenticate with ESXi servers on the target hosts.

The Update button refreshes the Targets configuration page to reflect the latest changes.

Tasks

After defining the target hosts, proceed to create scanning tasks for those hosts.

When an rcfile is provided, the config and target parameters should be omitted as they're already defined in the configuration file.

  • Edit tasks: Modify task parameters through the edit icon

  • Delete tasks: Remove tasks and associated reports using the delete icon. This irreversible action requires user confirmation before execution.

  • The Start task Alt Image button can be used to manually start an existing task.

  • The Stop task Alt Image button can be used to manually stop a running task.
  • The Clone task Alt Image button allows cloning of an existing task.

To create a New Task, press Alt Image button, a window will open Task configuration:

Alt Image

Name: Enter a descriptive name to identify the new task.

Comment: Provide an optional comment describing the task.

Config: Select the scan configuration profile to be used by this task

Target: Select the target hosts previously defined for scanning.

Hosts Ordering: Define the order in which target hosts are scanned. Available options include:

  • Sequential: scan hosts one after another in the listed order
  • Random: scan hosts in random order
  • Reverse: scan hosts in reverse order from the list

Scanner: Select the scanner engine to perform the task. Options may include the default OpenVAS scanner or another scanner integrated into the system.

Schedule: Choose a predefined schedule, configured in the Schedule section, to automatically run this task at specified times (daily, weekly, or monthly)

Schedule Periods: Define the number of times the task should be executed according to the chosen schedule. A value of 0 means no execution limit.

Maximum concurrently executed NVTs per host: Set the maximum number of Network Vulnerability Tests (NVTs) that can run simultaneously on each host.

Maximum concurrently scanned hosts: Define the maximum number of hosts that can be scanned in parallel during the task execution.

Add results to Assets: Enable or disable automatically adding scan results to the asset inventory.

Apply Overrides when adding Assets: Enable or disable applying any defined overrides when adding scan results to assets.

Min QOD (Quality of Detection) when adding Assets: Set the minimum Quality of Detection score required for vulnerabilities to be included in asset records.

Auto Delete Reports: Enable or disable automatic deletion of older reports once the defined report count limit is exceeded.

Reports Count: Specify how many reports to keep before older reports are removed (if Auto Delete Reports is enabled).

The Update button refreshes the Task function page.

Once scanning is configured, tasks must be started manually from the available list.

By default, the following scan configurations are provided:

  • Discovery

This scan configuration only uses VTs that provide information about the target system. No vulnerabilities are being detected.

Amongst others, the collected information contains information about open ports, used hardware, firewalls, used services, installed software and certificates. The system is inventoried completely.

The VT families are dynamic, i.e., new VTs of the chosen VT families are added and used automatically.

  • Empty

This scan configuration is an empty template containing no VTs. It can be cloned and used for a completely individual created scan configuration.

The VT families are static, i.e., new VTs of the chosen VT families are not added and used automatically.

  • EulerOS Linux Security Configuration

Offers hardening practices and security recommendations specifically for EulerOS Linux systems to reduce vulnerabilities and improve system defenses.

  • Full and fast

This scan configuration is ideal for most environments as a starting point, offering comprehensive coverage while minimizing potential system impact.

This scan configuration is based on the information gathered in the previous port scan and uses almost all VTs. Only VTs that will not damage the target system are used. VTs are optimized in the best possible way to keep the potential false negative rate especially low. The other “Full” configurations only provide more value in rare cases but with much higher effort.

The VT families are dynamic, i.e., new VTs of the chosen VT families are added and used automatically.

  • GaussDB 100 V300R001C00 Security Hardening Guide (Standalone)

Provides security configuration guidance for GaussDB 100 V300R001C00 standalone deployments, covering best practices to secure database operations.

  • GaussDB Kernel 100 V500R001C00 Security Hardening Guide

Details security hardening procedures for the GaussDB Kernel 100 V500R001C00 to strengthen protections at the database kernel level.

  • Host Discovery

This scan configuration is used to detect target systems. No vulnerabilities are being detected.

The used port scanner is Ping Host which detects whether a host is alive.

The VT families are static, i.e., new VTs of the chosen VT families are not added and used automatically.

  • Huawei Datacom Product Security Configuration Audit Guide

Describes methods and recommended settings to audit and secure Huawei Datacom products, ensuring compliance with security best practices.

Credentials

Credentials are login details (like usernames and passwords) used by the scanner to access target systems during a scan.

  • Credentials can be edited to update existing information.

  • Credentials can also be deleted from a note. As this is a destructive action, it is recommended that the client confirms the deletion before sending the request to the Manager.

To create New Credentials, click the Alt Image button. This opens a window for configuring credentials:

Alt Image

The fields below are also available in the Edit Credentials configuration page. Available options may vary depending on the selected credential type:

Name: Assign a name that identifies the credential.

Comment: Add an optional comment describing the credential.

Login (UserName): Specify the username associated with the credential.

Password: Enter the password for the specified login.

Confirm Password: Re-enter the password for confirmation.

The Update button reloads the Credentials configuration page to show the most recent data.

Schedules

The Schedule feature enables you to create recurring scan schedules with customizable timing parameters.

  • Edit schedules: Modify existing schedule configurations through the edit icon

  • Delete schedules: Remove schedules using the delete icon. As this action is irreversible, the system will prompt for confirmation before execution.

To create a new schedule, click the Alt Image button. This opens a configuration window:

Alt Image

The attributes listed below are also available in the Edit Schedules configuration page. Options may vary depending on the selected schedule type:

Name: Assign a name to identify the schedule.

Comment: Provide an optional description for the schedule.

First Time: Set the initial execution time using minute, hour, day of month, month, and year.

Duration (Hours): Specify the duration (in hours) for which the scheduled task should run. If the Open end checkbox is selected (enabled by default), the task will run without a predefined time limit.

Recurrence: Defines how often the scheduled task should repeat. This drop-down menu includes the following options:

  • Once - Executes the task a single time at the specified start time.

  • Hourly - Repeats the task every hour.

  • Daily - Repeats the task once every day.

  • Weekly - Runs the task once a week on the same day.
  • Monthly - Executes the task once a month on the same date.
  • Yearly - Runs the task annually on the same day and month.
  • Workweek - Repeats the task every weekday, from Monday through Friday.

The Update button refreshes the Schedules page to display the latest configuration.

Reports

When a task is started from the Tasks section, a corresponding report is generated in the Reports tab. These reports can be exported to CYBERQUEST for further analysis.

  • Export reports: Generate reports in CYBERQUEST (CQ) or CSV format
  • Delete reports: Remove reports using the delete icon. This irreversible action requires user confirmation before execution.
  • Clicking the Alt Imagebutton opens the scan results in XML format. This view allows reviewing detailed scan outcomes and provides the option to compare reports for analysis and validation.

Os

This section displays a list of operating systems identified by the scanner during the scanning process.

Assets

This section provides a list of assets discovered by the scanner during the scanning process.

Alt Image

Preferences

The Preferences section displays scanner preferences as key-value pairs, where the NVT (Network Vulnerability Test) and preference type are encoded in the preference name for clarity.

The Update button refreshes the Preferences page to display the latest configuration settings.

Configs

The Configs section provides access to scan configuration settings that define how vulnerability assessments are executed.

The Update button refreshes the Configs page to display the most recent configuration data.

Scanners

Displays information about available scanning engines and their associated tasks, retrieved from the configured scanner.

Alt Image

The Update button refreshes the Scanners page to ensure the latest data is shown.