The SSIM has Assets populated from the Asset Detector with some vulnerabilities listed on them. Not all vulnerabilities reported by the Point Product are listed on the Vulnerabilities tab of the Asset though.
Not all items reported from a compliance check are actually vulnerabilities.
Symantec CCS VM reports on a number of things depending on how the compliance check is setup.
For more information on the types of items in the results from a check, please read the CCSVM_users_guide.pdf
The Vulnerability Result Codes which are not vulnerabilities, but have been mistaken for actual vulnerabilities are:
Vulnerable Version (Result Code VV) - This reports that the version of Software or Application is associated with known vulnerabilities but is not actually reporting the system/device as vulnerable.
Potential Vulnerability (Result Code VP) - This just shows the check for a potential vulnerability was positive, but not that an actual vulnerability was found.
Typically items with the Vulnerability Result Code of VE (Vulnerable, Exploited) do populate the Vulnerabilities tab of Assets through the Asset Detector. However, in some cases, even though these are Vulnerabilities that should be updated to the Asset, the event from CCS VM is missing a CVE and/or BID (BugTraq ID).
To be populated to the Vulnerabilities tab of an Asset, the event must contain a CVE or BID.
Symantec Control Compliance Suite Vulnerability Manager (CCS VM)
Symantec Event Collector for CCS VM v4.4
Imported Document ID: TECH196587
Subscribing will provide email updates when this Article is updated. Login is required.