Attacked Vulnerable Hosts | Trend Micro Service Central

Attacked Vulnerable Hosts identify vulnerabilities in your network. Third-party scans generate the vulnerability data, which the SMS imports and presents as a list. This enhanced visibility into your network allows you to highlight blocked or permitted attacks targeted to vulnerable assets.

You can then make immediate updates to your security policy for the protection of your network. With the vulnerability insights provided by the Attacked Vulnerable Hosts, you can run updates on your assets.

Importing vulnerability scan data to the SMS — Before you can identify attacked vulnerable hosts in your network, you must first run a vulnerability scan using a third-party vendor and import this data to the SMS. Learn more: Import vulnerability scans.

To view Attacked Vulnerable Hosts on the SMS web management console select Threat Insights → Attacked Vulnerable Hosts. The following information displays.

Heading	Description
Expand/Collapse	Controls visibility to the relevant filters associated with the vulnerable host identified in a vulnerability scan. Expand to view additional information including: Relevant filter name Vulnerabilities identified including the CVE ID Last hit time Number of blocked hits Number of permitted hits
IP Address	Network IP address of the vulnerable host.
Host Name	Host name of the IP address, if available.
Last Scan	Name of the vulnerability scan file available on the SMS, and the number of days since it was imported to the SMS. Consider importing a new vulnerability scan file to replace files that are older than two weeks.
Relevant Filters	The number of filters identified. When you expand the table column, the name of the filter displays in addition to the vulnerabilities. The SMS establishes a correlation between the CVE IDs provided from a vulnerability scan and the CVE IDs included in the DV filters. Using this information, the relevant filters are displayed.
Vulnerabilities	When you expand the table column, the name of the filter is displayed along with any associated vulnerabilities. Expand an event to see the CVE ID identified in the DV filter.
Last Hit Time	Date and time when the relevant filter was processed by the inspection, and traffic was either blocked or permitted.
Blocked Hits	Number of times traffic was blocked by a filter and an event was generated.
Permitted Hits	Number of times traffic matched a filter and was permitted to flow through. If you see permitted hits, consider updating your security policy. Learn more: Profile tuning