Overview of Vulnerability Assessment

As a vCenter Server administrator, you need visibility of known vulnerabilities in your environment to understand your security posture and schedule maintenance windows for patching and remediation. With the help of vulnerability assessment, you can proactively minimize the risk in your environment. You can monitor known vulnerabilities from the Carbon Black Cloud Workload Plug-in. You can discover vulnerabilities from the Summary tab or from the Vulnerabilities tab and coordinate with your teams to schedule maintenance windows for patches or updates. To view the vulnerability assessment feature, you must enable Carbon Black in your data center. After enabling Carbon Black, you can typically view vulnerability data within a few minutes.

Carbon Black discovers vulnerabilities related to:

Operating System (OS) of a virtual machine.
- Windows OS: Displays OS-level vulnerabilities for Windows VMs. The system looks for OS details and the security patches applied on each VM. When the security patch associated with the vulnerability is not applied, the VM is flagged as vulnerable.
- Linux OS: Displays OS-level vulnerabilities for Linux VMs. The system looks for OS details with the list of all installed packages. System determines the vulnerable packages installed on the VM and reports the CVEs against those packages.
Applications installed on the virtual machine.
- Windows Apps: Displays application-level vulnerabilities for Windows VMs.
- Linux Apps: Displays application-level vulnerabilities for Linux VMs.

Vulnerabilities Tab

In the left navigation pane, click the Carbon Black icon.
On the Carbon Black Cloud Workload Plug-in dashboard, click the Vulnerabilities tab.

Critical severity is the default filter. To display a list of all vulnerabilities available on the Vulnerabilities tab, click All. The total vulnerabilities are the count of all vulnerabilities across all monitored assets and products (OS, applications, versions).

You can either view the Asset View tab or the Vulnerability View tab. Use the Asset View tab to view which assets have known vulnerabilities. Use the Vulnerability View tab to view the list of all vulnerabilities on all the assets.

To export all data on the page to a CSV file, click Export.

Note: The Export functionality is blocked in vCenter Server 6.7 and 7.0 due to a known vCenter Server issue. The issue is fixed in 7.0 U1 or later versions.

On the Asset View tab, the data is filtered on Windows and Linux. To view more details about the risk score and the Common Vulnerability Scoring System (CVSS), click the Vulnerability Count number. Expand the row the view further details. To view details of CVE on the external National Vulnerability Database website, click the National Vulnerability Database link. Click the asset name of the affected VM to open the VM > Monitor > Carbon Black > Vulnerabilities tab.

On the Vulnerabilities tab, the data is filtered based on the OS-level vulnerabilities and App-level vulnerabilities for Windows and Linux systems.

Vulnerability data for each virtual machine is refreshed automatically every 24 hours. To immediately view the updated vulnerability data, click Reassess.

Note: Vulnerability data for the VMs newly added to your inventory is typically collected within minutes, but under certain circumstances it can take up to 24 hours.