This topic describes how to manage task instances, vulnerabilities, and risks after you create a scan task.

Prerequisites

You have created a scan task. For more information, see Create scan tasks.

Procedure

  1. Log on to the Cloud Security Scanner console.
  2. In the left-side navigation pane, click Task Instances and perform the following operations as needed.
    • View, search for, and filter task instances
      • Task instances created by scan tasks and the relevant information are displayed on the Task Instances page.
        The numbers of vulnerabilities at different risk levels are displayed in the Vulnerabilities column. The following table lists the risk levels and descriptions.
        | Level | Description |
        | --- | --- |
        | High | Vulnerabilities that can be exploited directly and easily. Attacks that can cause severe impact on your websites or servers, or cause major financial and data loss. |
        | Medium | Vulnerabilities that can affect your websites or servers, but are difficult to exploit directly. Attacks that cannot be directly launched against your websites or servers, but can cause vulnerabilities for further attacks. |
        | Low | Attacks that cannot be directly launched against your websites or servers, but can provide information for other attackers to find vulnerabilities. |
        | Information | Vulnerabilities that do not directly cause website security issues, but may provide information for other attacks, or can be used in other attack methods, such as social applications. |
      • You can enter an IP/Domain/Task Name into the search box to search for a specific task instance. Task instances are listed on the Task Instances page according to their start time.
      • You can also select a status from the status drop-down list to filter instances based on their status. Instance statuses include: Waiting, Running, Stopped, Completed, and Paused. You can select a status and enter an IP/Domain/Task Name into the search box to search for instances.
    • View task instance details
      1. On the Task Instances page, click the target instance in the Instance Name/Scan Target column to go to the Instance Details page.
      2. Instance details and scan results are listed on the Instance Details page.
        • Instance Overview: Displays the overall information about the instance, task status, and risk statistics.
        • Attack Surfaces: Displays the attack surfaces detected by the task instance, including domains, subdomains, ports, and Web applications.
        • Risk Overview: Displays the statistics of risks detected by the task instance.
    • View and export attack surface details

      Attack surfaces are listed in the Attack Surfaces area on the Instance Details page. Attack surfaces include: Domains, Subdomains, DNS Records, Hosts, Ports, Web Applications, Web Servers, Web Paths, and Crawler Requests.

      To view attack surface details, click Details next to the attack surface.
      • Attack surface details - domains
      • Attack surface details - subdomains
      • Attack surface details - ports

        You can view the services provided through the ports of a host.

      • Attack surface details - Web applications

        You can view the information about the Web applications of a website, such as the content management system (CMS) and the framework.

      • Other attack surfaces

        You can view details of other attack surfaces as described in the preceding examples.

      • Export attack surface details

        You can export attack surface details in the CSV format.

        1. Go to the details page of the target attack surface, and click Export in the upper-right corner. Export then changes to Exporting.
        2. Refresh the current page and check the export status. After the export process is complete, Exporting becomes Download. Click Download to download the data.

          Data is exported in the CSV format, as shown in the following figure. You can import the data to your data system for analysis.

    • View assets with risks
      • Assets with risks are listed in the Risk Overview area on the Instance Details page. You can click an asset to go to the details page.

        The Risk Overview area lists the domains and IP addresses that are at risk. Assets are fully scanned for risks. You can view the vulnerability details to manage risks more accurately.

      • In the left-side list, click an IP address to go to the Host Risk Details page to view the risk details.

        The IP address and the attack surface details, including Web paths, ports, crawler requests, and Web applications are listed on the Host Risk Details page.

      • In the left-side list, click a domain to go to the Domain Risk Details page to view the risk details.

        The domain and attack surface details, including Web paths, Web servers, crawler requests, and Web applications are listed on the Domain Risk Details page.

    • View vulnerability details

      You can go to the vulnerability details page from the Instance Details page or the Host/Domain Risk Details page, and then manage the vulnerability.

      • Redirect from the Instance Details page
        1. On the Instance Details page, find the Risk Overview area, and click a vulnerability name to go to the details page.

        2. The details of the vulnerability, including the affected targets, status, and processing result are displayed on the Vulnerability Details page.

        3. You can click the left-side plus sign (+) to show the Proof of Concept. You can then verify and reproduce the vulnerability.
      • Redirect from the Host/Domain Risk Details page: Similar to redirecting from the Instance Details page, click a vulnerability name to view the details.

        The details of the vulnerability, including the affected targets, status, and processing result are displayed on the details page.

    • View check items
      1. On the Instance Details page, choose Instance Overview > Instance Information > Checked Items to go to the Check Results page. You can view details of the check items.
      2. All check items covered by the task instance are listed on the Check Results page. You can view the status of check items that you consider important, such as Redis, Hadoop, and MongoDB middleware.
    • View risk assessment reports

      You can generate and download risk assessment reports to a local device for further analysis.

      1. On the Task Instances page, click Generate in the Report column to generate a risk assessment report.
      2. After the report is generated, click Download.
      3. Decompress the downloaded ZIP file and open the index.html file to view the report.