After you’ve created a policy, you can run an assessment that scans the targeted assets against the latest advisories. SaltStack SecOps Vulnerability also scans for available packages that can repair vulnerabilities identified by the advisory.

Note: After initial installation, SaltStack Config takes about 15-20 minutes to ingest vulnerability content. For best results, wait at least 20 minutes after installing SaltStack Config before you run your first vulnerability scan. See Updating the vulnerability library for more information.

To run an assessment:

  1. In the Vulnerability workspace, select a policy.

    Clicking a policy opens the selected policy’s dashboard.

    Note: You can also run a scan from the Vulnerability workspace by clicking the checkbox next to one or more policies and clicking Run assessment.
  2. In the policy dashboard, click Run assessment, then click Run assessment in the confirmation dialog.

    SaltStack SecOps Vulnerability begins to scan your systems against the latest advisories. See Tracking the status of an assessment for more information.

    Note: During the assessment, no changes are made to any of your systems. You will have the ability to remediate any issues later. See Remediating advisories for more information.

Tracking the status of an assessment

To check the status of current or past security assessments:

  1. In the Vulnerability workspace, click a policy.

    Clicking a policy opens the selected policy’s dashboard. The time and date of the last assessment and last remediation are noted in the upper-left of the dashboard. This also includes the assessment status if an assessment is currently queued or in progress.

  2. In the policy dashboard, go to the Activity tab to see a list of completed or in-progress scans and remediations.

    The initial status displays as Queued when you first run an assessment or remediation. This updates to Partial while the activity is in progress, and changes to Completed once all minions have returned. You might need to refresh your web browser to see status changes.

    See Activity status for more information.

Viewing assessment results

To view the results of your latest assessment:

  1. In the Vulnerability workspace, click a policy.

    Clicking a policy opens the selected policy’s dashboard. The policy dashboard includes a list of advisories returned from the assessment. To see more details about an advisory such as description and CVEs, click the double arrows icon double-arrows-icon to open a detail pane.

    See Assessment results for reference information about assessment results. See Running an assessment for additional information.

    Note: Your policy dashboard only shows the results of the most recent assessment. If you run an additional assessment, the most recent assessment replaces the previous assessment in the policy dashboard.
  2. Click the Minions tab to view assessment results sorted by node.

    If a column header includes a filter icon filter-icon, you can filter the results by that column type. Click the icon and select a filter option from the menu or type the text you want to filter by. You can remove active filters by clicking Clear Filters.

Downloading the assessment report

To download an assessment report in JSON format:

  1. In the Vulnerability workspace, click a policy.

    Clicking a policy opens the selected policy’s dashboard, which also includes the latest assessment results.

  2. In the policy dashboard, go to the Report tab and click Download. Select JSON from the menu.

    Your web browser begins downloading the report.

    Note: You can also view and print your Vulnerability dashboard in the Vulnerability workspace. See Viewing and printing your Vulnerability dashboard for more information.