AlienVault® USM Appliance™

Vulnerability Assessment

AlienVault USM Appliance delivers vulnerability assessment as part of a complete package of security monitoring and management capabilities for efficient threat detection. To improve security in your network, you first need to know what is vulnerable.

What Is Vulnerability Assessment?

Vulnerability assessment is a functionality used for defining, identifying, classifying and prioritizing the vulnerabilities in your system.

USM Appliance architecture.

The USM Appliance Server controls vulnerability scanning on USM Appliance Sensors, which scan assets in specific networks.

You can select which sensor should scan which network. Alternatively, you can specify that the first available sensor in your USM Appliance deployment performs the scanning.

Vulnerability Assessment in USM Appliance

The USM Appliance Sensor has a built-in vulnerability scanner that you can use to detect vulnerabilities in critical assets. You then use these discovered vulnerabilities in cross-correlation rules, and when creating compliance and auditing reports.

The USM Appliance Server controls the following scanning functions by the USM Appliance Sensor:

  • Running and scheduling vulnerability scans
  • Generating and examining reports
  • Updating vulnerability signatures

Vulnerability Ticket Thresholds

Discovering a vulnerability by itself is important, but can be of little use without the ability to estimate the associated risk to an asset. For this reason, USM Appliance assigns a threshold to each vulnerability found in the system.

USM Appliance displays the vulnerability threshold in two locations:

  • Configuration > Administration > Main > Vulnerability Scanner

  • Environment > Vulnerabilities > Overview > Settings

You may also reconfigure the threshold in either of those locations.

Here's what the settings mean:

Vulnerability metrics

Vulnerability Threshold Definitions    Associated Values
Serious                                1
High                                   2
Medium                                 3, 4, and 5
Low                                    6
Info                                   7, 8, 9, and 10

Although USM Appliance displays the vulnerability ticket thresholds shown above, internally it maps each severity to a single value, as follows:

Internal correspondences between vulnerability ticket thresholds

Severity    Internal Value
Serious     1
High        2
Medium      3
Low         6
Info        7

Vulnerability Threshold Normalization

USM Appliance normalizes these values using the following formula:

$risk = 8 - $internal_value

USM Appliance assigns the value of $risk, which cannot be modified. However, you can configure USM Appliance to generate a ticket based on vulnerabilities by setting the vulnerability ticket threshold value. (For details, see Changing the Vulnerability Ticket Threshold.)