
Alarm Management

NormShield, through the use of custom and third-party scanners, produces security-related findings that should be addressed. Here are some of the finding types that NormShield produces:

  • Technical vulnerabilities, in other words, vulnerabilities
  • Compliance controls
  • Software bugs
  • Alarms

Alarms are further classified into 3 main groups, also known as products:

  • Unified Vulnerability Management (UVM): alarms that fall into vulnerability management
  • Continuous Perimeter Monitoring (CPM): alarms that fall into continuous monitoring, such as port scanning, service scanning, etc.
  • Cyber Threat Intelligence (CTI): alarms that fall into cyber threat intelligence

Alert: The NormShield On-Premise version contains alarms placed in the UVM and CPM products.

Furthermore, these products contain services (subgroups, if you wish). Here's the list of services under UVM:

  • UVM - Asset Discovery
  • UVM - Automation
  • UVM - Custom Reports
  • UVM - Network Information Gathering
  • UVM - Ticket Management
  • UVM - Vulnerability Scan Management
  • UVM - Vulnerability SLA Alerts

Here's the list of some of the services under CPM related to the NormShield On-Premise version:

  • CPM - Portmap: Port Scan
  • CPM - Service Scan
  • CPM - SSL Grading
  • CPM - Passive Scan

Each of the services in turn contains various alarm types. For example, the alarm types contained in the "UVM - Asset Discovery" service are:

  • Asset Discovery - Started
  • Asset Discovery - Finished
  • Discovery - New IP Address Found

The Alarm menu opens the list of alarms. The right-hand side contains filter criteria for searching through alarms. The status of an alarm can be one of: Active, Deleted, Suppressed and Closed. Selecting one or more alarms and changing their status is possible by using the Update button under the Operations section, right below the Filters criteria section.

  • When an alarm is Active, it means no action has been taken since its creation
  • When an alarm is Deleted, the meaning is obvious; however, the same alarm (same asset and same alarm type) can pop up when NormShield finds/produces it again
  • When an alarm is Suppressed, it means there won't be any alarm produced in the future on the same asset and with the same alarm type
  • When an alarm is Closed, it means an action has been taken; however, the same alarm (same asset and same alarm type) can pop up when NormShield finds/produces it again
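
The status rules above can be modelled as a small state table keyed on (asset, alarm type). The following is an added illustration, not NormShield code or its API: the class and function names and the sample IP addresses are made up here, and the handling of a re-detected Active alarm is an assumption the article does not state.

```python
from enum import Enum

class Status(Enum):
    ACTIVE = "Active"
    DELETED = "Deleted"
    SUPPRESSED = "Suppressed"
    CLOSED = "Closed"

class AlarmStore:
    """Toy model: one record per (asset, alarm type) pair."""
    def __init__(self):
        self.alarms = {}  # (asset, alarm_type) -> Status

    def detect(self, asset, alarm_type):
        """A scan produces this alarm; return True if it shows up as Active."""
        key = (asset, alarm_type)
        current = self.alarms.get(key)
        if current is Status.SUPPRESSED:
            return False  # Suppressed: not produced again for this pair
        if current is Status.ACTIVE:
            return False  # assumption: an already Active alarm is not duplicated
        self.alarms[key] = Status.ACTIVE  # new, or was Deleted/Closed: pops up again
        return True

    def update(self, keys, status):
        """Bulk status change, like selecting alarms and using Update."""
        for key in keys:
            self.alarms[key] = status

# Constructed sample data: documentation-range IPs, alarm type taken from the list above.
A = ("192.0.2.10", "Discovery - New IP Address Found")
B = ("192.0.2.20", "Discovery - New IP Address Found")
C = ("192.0.2.30", "Discovery - New IP Address Found")

def replay():
    """Run two scan rounds with triage in between; return (store, raised)."""
    store, raised = AlarmStore(), []
    for key in (A, B, C):  # first scan finds three new addresses
        if store.detect(*key):
            raised.append(key)
    store.update([A], Status.CLOSED)
    store.update([B], Status.SUPPRESSED)
    store.update([C], Status.DELETED)
    for key in (A, B, C):  # second scan finds all three again
        if store.detect(*key):
            raised.append(key)
    return store, raised

if __name__ == "__main__":
    print(replay()[1])
```

In this model only the Suppressed pair stays quiet on the second scan; the Closed and Deleted pairs come back as Active, so neither status is a way to silence a recurring finding.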

Clicking the detail icon for each alarm will reveal the details as shown below.
