Fortinet black logo

EMS Administration Guide

Viewing top ten vulnerabilities on endpoints

Viewing top ten vulnerabilities on endpoints

To view top ten vulnerabilities on endpoints:
  1. Go to Dashboard > Vulnerability Scan. The Top 10 Vulnerabilities widget displays the type of vulnerability and how many hosts the vulnerability has been detected on.

  2. Do one of the following:
    1. Click the vulnerability name. You can view the vulnerability on FortiGuard.

    2. Click the number of hosts that are affected by a vulnerability. You can view a list of endpoints where the vulnerability has been detected.

      Refresh

      Click to refresh the list of vulnerabilities in the content pane.

      Clear Filters

      Click to clear all filters applied to the list of vulnerabilities.

      Hostname

      Hostname of the endpoint where the vulnerability was detected.

      Username

      User that is currently logged into the endpoint where the vulnerability was detected.

      Last Seen

      Time of the last Telemetry communication between FortiClient EMS and the endpoint.

      Scan Time

      Time of the last Vulnerability Scan on the endpoint.

      You can filter the list of vulnerable endpoints by any column by clicking the filter icon beside the desired heading. Enter the value to include in the filter. You can toggle the All/Any/Not button for the following options:

      • All: Display all files that match the set filter.
      • Any: Display any file that matches the set filter.
      • Not: Display only files that do not match the set filter.

      Here, you can also click the hostname to view all detected vulnerabilities on that endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of endpoints above.

      Vulnerability

      Name of the vulnerability.

      Category

      Category of the vulnerability.

      Severity

      Severity level of the vulnerability.

      Patch Status

      You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.

      If a patch is already scheduled for the vulnerability, this column displays Scheduled.

      If the vulnerability must be patched manually, this column displays Manual Patch.

      FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:

      • Third-party application vulnerabilities: incorrect or missing installation paths
      • OS vulnerabilities: Windows update service is disabled

      In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.

Viewing top ten vulnerabilities on endpoints

To view top ten vulnerabilities on endpoints:
  1. Go to Dashboard > Vulnerability Scan. The Top 10 Vulnerabilities widget displays the type of vulnerability and how many hosts the vulnerability has been detected on.

  2. Do one of the following:
    1. Click the vulnerability name. You can view the vulnerability on FortiGuard.

    2. Click the number of hosts that are affected by a vulnerability. You can view a list of endpoints where the vulnerability has been detected.

      Refresh

      Click to refresh the list of vulnerabilities in the content pane.

      Clear Filters

      Click to clear all filters applied to the list of vulnerabilities.

      Hostname

      Hostname of the endpoint where the vulnerability was detected.

      Username

      User that is currently logged into the endpoint where the vulnerability was detected.

      Last Seen

      Time of the last Telemetry communication between FortiClient EMS and the endpoint.

      Scan Time

      Time of the last Vulnerability Scan on the endpoint.

      You can filter the list of vulnerable endpoints by any column by clicking the filter icon beside the desired heading. Enter the value to include in the filter. You can toggle the All/Any/Not button for the following options:

      • All: Display all files that match the set filter.
      • Any: Display any file that matches the set filter.
      • Not: Display only files that do not match the set filter.

      Here, you can also click the hostname to view all detected vulnerabilities on that endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of endpoints above.

      Vulnerability

      Name of the vulnerability.

      Category

      Category of the vulnerability.

      Severity

      Severity level of the vulnerability.

      Patch Status

      You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.

      If a patch is already scheduled for the vulnerability, this column displays Scheduled.

      If the vulnerability must be patched manually, this column displays Manual Patch.

      FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:

      • Third-party application vulnerabilities: incorrect or missing installation paths
      • OS vulnerabilities: Windows update service is disabled

      In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.