Vulnerability Detection
The LogSentinel collector supports vulnerability detection through a dedicated vulnerability connector. The connector supports two types of vulnerability assessment:
- web vulnerability scanning - the connector regularly tests a configured set of web pages (internal or externally facing)
- vulnerability probing - the connector probes all discovered assets to detect known services and their versions, and matches them against known CVEs
Below is a sample configuration:
```yaml
vulnerabilityDetection:
  # there needs to be a designated "vulnerabilities" data source at the SIEM
  dataSourceId: 123e4567-e89b-12d3-a456-426614174000
  web:
    urls:
      - https://hr.internal
      - https://company.com
  probe:
    enabled: true
```
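A pre-deployment check for the block above, written as an added example rather than code from the LogSentinel collector: it assumes the YAML has already been loaded into a dict (for instance with PyYAML's `safe_load`) and reports the mistakes that most often break this section, such as a non-UUID `dataSourceId`, a relative or cleartext URL under `web.urls`, or `probe.enabled` quoted as a string instead of a YAML boolean.

```python
import uuid
from urllib.parse import urlparse

# Constructed sample: the page's example config as a YAML loader returns it.
SAMPLE_CONFIG = {
    "vulnerabilityDetection": {
        "dataSourceId": "123e4567-e89b-12d3-a456-426614174000",
        "web": {"urls": ["https://hr.internal", "https://company.com"]},
        "probe": {"enabled": True},
    }
}


def validate_vuln_detection(config: dict) -> list:
    """Return a list of findings; an empty list means the block is acceptable."""
    findings = []
    section = config.get("vulnerabilityDetection")
    if not isinstance(section, dict):
        return ["missing 'vulnerabilityDetection' section"]

    # The SIEM data source is referenced by id, which must be a UUID.
    ds = section.get("dataSourceId")
    try:
        uuid.UUID(str(ds))
    except ValueError:
        findings.append(f"dataSourceId is not a UUID: {ds!r}")

    # Each scan target must be an absolute URL with a host; plain http is
    # reported so the operator knows scan traffic to it travels in cleartext.
    urls = (section.get("web") or {}).get("urls") or []
    if not isinstance(urls, list):
        findings.append("web.urls must be a list")
        urls = []
    for url in urls:
        parsed = urlparse(str(url))
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            findings.append(f"web.urls entry is not an absolute URL: {url!r}")
        elif parsed.scheme == "http":
            findings.append(f"web.urls entry uses cleartext http: {url!r}")

    # A quoted "true" loads as a string, not a boolean: a common YAML slip.
    enabled = (section.get("probe") or {}).get("enabled", False)
    if not isinstance(enabled, bool):
        findings.append(f"probe.enabled must be a YAML boolean, got {enabled!r}")

    if not urls and enabled is not True:
        findings.append("neither web scanning nor probing is configured")
    return findings
```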
Additionally, through the Wazuh-based agent, we support agent-based vulnerability detection. It is handled by the ossec connector.
You can check the full configuration reference here.