As a vCenter Server administrator, you want to have visibility of known vulnerabilities in your environment to understand your security posture and schedule maintenance windows for patching and remediation. With the help of vulnerability assessment, you can proactively minimize the risk in your environment. You can now monitor known vulnerabilities from the Carbon Black Cloud Workload Plug-in. You can discover vulnerabilities from the plug-in Summary tab or from the Vulnerabilities tab and coordinate with your teams to schedule maintenance windows for patches or updates. To view the vulnerability assessment feature, you must enable Carbon Black in your data center. After enabling Carbon Black, you can typically view vulnerability data within a few minutes.

Carbon Black looks into vulnerabilities related to:

  • Operating System (OS) of a virtual machine.
    • Windows OS: Displays OS-level vulnerabilities for Windows VMs. The system looks for OS details and the security patches applied on each VM. When the security patch associated with the vulnerability is not applied, the VM is flagged as vulnerable.
    • Linux OS: Displays OS-level vulnerabilities for Linux VMs. The system looks for OS details with the list of all installed packages. System determines the vulnerable packages installed on the VM and reports the CVEs against those packages.
  • Applications installed on the virtual machine.
    • Windows Apps: Displays application-level vulnerabilities for the Windows VMs.
    • Linux Apps: Displays application-level vulnerabilities for the Linux VMs.

Vulnerabilities Tab

  • In the left navigation pane, click the Carbon Black icon.
  • On the Carbon Black Cloud Workload Plug-in dashboard, click the Vulnerabilities tab.

Critical severity is the default filter. To go to the list of all vulnerabilities available on the Vulnerabilities tab, click All. The total vulnerabilities are the count of all vulnerabilities across all monitored assets and products (OS, applications, versions).

Depending on how you want to view the vulnerability data, you can either view the Asset View tab or the Vulnerability View tab. Use the Asset View tab to view which assets have known vulnerabilities. Use the Vulnerability View tab to view the list of all vulnerabilities on all the assets.

Each VM can have multiple vulnerabilities and each vulnerability can have different risk scores. Based on the risk score, vulnerabilities are filtered on the level of severity such as critical, important, moderate, and low. The higher the risk score, the higher the severity. The highest risk score is considered as a critical vulnerability. To learn more, refer to Evaluating Risk.

To export all data on the page to a CSV file, click Export.

Note: The export functionality is blocked in vCenter Server 6.7 and 7.0 due to a known vCenter Server issue. The issue is fixed in 7.0 U1 or later versions.

On the Asset View tab, the data is filtered based on Windows and Linux systems. To view more details about the risk score and the Common Vulnerability Scoring System (CVSS), click the Vulnerability Count number. Expand the row the view further details. To view details of CVE on the external National Vulnerability Database website, click the National Vulnerability Database link. Click the asset name of the affected VM which takes you to the VM > Monitor > Carbon Black > Vulnerabilities tab.

On the Vulnerabilities tab, the data is filtered based on the OS-level vulnerabilities and App-level vulnerabilities for Windows and Linux systems.

Vulnerability data for each virtual machine is refreshed automatically every 24 hours. If you want to view the updated vulnerability data immediately, click Reassess.

Note: Vulnerability data for the VMs newly added to your inventory is typically collected within minutes, but under certain circumstances it may take up to 24 hours.