Understanding the Vulnerability Management System Wide Settings - Honeywell DOC4000 - 7.3 - Help - Intergraph

DOC4000 Help

Language
English
Product
Honeywell DOC4000
Search by Category
Help
PAS Version
7.3

The Vulnerability Management system wide settings allow you to specify a list of email addresses to notify if the import of the latest vulnerability and patch information is not completed successfully. These settings are defined as follows:

CVSS V3 Ratings

Defines the severity level DOC4000 displays for a vulnerability based on the Common Vulnerability Scoring System (CVSS) score of that vulnerability. The default severity levels are set as shown in the following table. The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities.

Severity Level

Default Minimum

Default Maximum

Low

0.0

3.9

Medium

4.0

6.9

High

7.0

8.9

Critical

9.0

10.0

Notify Users

Defines the list of email addresses that are sent notifications in the event the import of the latest PAS Vulnerability Management or PAS Patch Management asset model are not completed as expected. The latest vulnerability management file should be imported once every 24 hours. The latest patch management file should be imported once every month. Use a comma as the delimiter between two email addresses. The default value is blank. For more information about automating the download and import of the latest vulnerability and patch management information, see Understanding Vulnerability and Patch Management.

Additional DOC4000 settings allow you to refine the risk scores Vulnerability Management displays by customizing impact factors and groups for your environment.

For more information, see Understanding Impact Factors and Groups.