2 Replies Latest reply on May 3, 2017 8:26 PM by sconlon

    Updating the scan engine

    sconlon

      Guys, I'm new to Vulnerability Manager. We are running 7.5 and I think the scan engine needs updating. It's latest threat appears to be 2012!

       

      Anyway, via Manage>Engines, I see the button for 'Updates'.

       

      Will that go pull the latest updates???

       

      In my environment I am hesitant to press this button, not knowing what will happen. Generally I will need to raise a change request before doing updates.....

       

      Thanks

        • 1. Re: Updating the scan engine
          foose

          Good Gravy!   Your vulnerability scanner sounds as used as most people's.  I have some Good News, some semi-good news and some bad news. 

           

          Good news - As long as you have an active license and route to the internet, yes, the "updates" button should just update the definitions & possibly apply some underlying sub release versions (I believe the most recent release is 7.5.10). 

           

          Semi-Good News -  There are some security vulnerabilities in MVM that you will resolve with updating to 7.5.10

           

          Bad News -  MVM is End of Life.  You have until January 2018 until it will no longer receive any definition updates.   I strongly suggest you look at your (seemingly non-existent) vulnerability management program and evaluate if active network probing/scanning still fits into your workflow.  If so, you may want to start evaluating replacement products such as Nexpose, Nessus or IP360. 

          • 2. Re: Updating the scan engine
            sconlon

            Thanks for the details foose. I think the organisation is planning a replacement tool for scanning, come jan 18. in the meantime i need to try ensure the scans MVM is doing are at least scanning against current definitions.

             

            I have Intel colleagues telling me the 'database' is up to date, but when i am seeing reports from scans, im seeing references to old old vulnerabiities, like 1999-2012. And CVE references that are equally as old.

             

            Do i just assume that if the 'database' is up to date then the scans are scanning against the latest definitions?

            or, does an already configured scan need to be re-configured/edited, to start using newer definitions?

             

            Grateful if you can assist/advise.....im very new to MVM.