Viewing top ten vulnerabilities on endpoints
To view top ten vulnerabilities on endpoints:
- Go to Dashboard > Vulnerability Scan. The Top 10 Vulnerabilities widget displays the type of vulnerability and how many hosts the vulnerability has been detected on.
- Do one of the following:
- Click the vulnerability name. You can view the vulnerability on FortiGuard.
- Click the number of hosts that are affected by a vulnerability. You can view a list of endpoints where the vulnerability has been detected.
Refresh
Click to refresh the list of vulnerabilities in the content pane.
Clear Filters
Click to clear all filters applied to the list of vulnerabilities.
Hostname
Hostname of the endpoint where the vulnerability was detected.
Username
User that is currently logged into the endpoint where the vulnerability was detected.
Last Seen
Time of the last Telemetry communication between FortiClient EMS and the endpoint.
Scan Time
Time of the last Vulnerability Scan on the endpoint.
You can filter the list of vulnerable endpoints by any column by clicking the filter icon beside the desired heading. Enter the value to include in the filter. You can toggle the All/Any/Not button for the following options:
- All: Display all files that match the set filter.
- Any: Display any file that matches the set filter.
- Not: Display only files that do not match the set filter.
Here, you can also click the hostname to view all detected vulnerabilities on that endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of endpoints above.
Vulnerability
Name of the vulnerability.
Category
Category of the vulnerability.
Severity
Severity level of the vulnerability.
Patch Status
You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.
If a patch is already scheduled for the vulnerability, this column displays Scheduled.
If the vulnerability must be patched manually, this column displays Manual Patch.
FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:
- Third-party application vulnerabilities: incorrect or missing installation paths
- OS vulnerabilities: Windows update service is disabled
In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.