In this article we are explaining some of the most common definitions used in the Security Center platform.
- Assets. A network asset is an asset that is considered to be part of a network for example an IP adress or a network i.e a /24 range. It may also be a web application asset for example: https://www.yourwebbapplication.com. The assets in Holm Security will define what ip-numbers and web applications you will have available to scan.
- Tags. in order to structure your assets and manage them in a handy way there is also tags in Holm Security. There are two types of tags: Dynamic tags (generated based on host fingerprint) & Static tags (Manually set by a user i.e Public Network).
Dynamic tags can be set with different types of rules in which you can apply the dynamic tag on multiple assets based on that rule.
- Network Scan. Refers to the function used for vulnerability assessments of the network layer e.g servers, routers, switches, printers etc. Can be used to scan anything that you have entered as an network asset.
- Web App scan. Refers to the function used for vulnerability assessments of the web application i.e https://www.yourwebbapplication.com. This engine will test the web application focusing on the HTTP(s) layer and the web technology used. To make an assessment of the whole application we recommend scanning both the web application and the corresponding IP of the webserver with Network Scan.
- Scanner appliance. A virtual appliance which can be assigned to run any scan both networks and webb applications. Practical use for a scanner appliance is to scan a local network from the inside, behind the firewall. This gives you a better insight on your security behind the firewalls. Firewalls are great, but not unbeatable.
- Scan Profiles. These are the settings that defines what the scan engine will do during the scan. You can have multiple profiles for different purposes. We recommend to use our pre-defined Scan Scan profiles which you can find under Scan Profiles -> Import which covers most of the normal use-cases.
- Schedules. The idea behind Holm Security is to have automation built in for all functions.
This is also why Schedules are recurring for all functions in the platform. You can schedule anything from Recurrent scans to reports being generated in any given time intervall.
- Vulnerabilities. Refers to the inability to withstand the effects of a hostile environment. Defensive measures are diminished, compromised or lacking. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
- Remediation A function within the platform which generate tickets based on the policies you choose to utilize them. It can i.e be certain vulnerability levels or specific categories of vulnerabilities. You can also choose the source from which tickets are generated.