Memset will perform the vulnerability scan as scheduled, it usually takes around 30 minutes to complete the scan (depending on any Rate Limiting imposed by the Server and how busy the server being analysed is). Once the scan is completed a report is automatically created and made available in your F-Secure Account. The report is detailed and lengthy as it will contain, in addition to critical problems, many minor issues and suggestions that can be followed to create an ideal deployment.
Self Managed Customers
For Customers using the Self Managed Vulnerability Management, an email summary will be sent to the contact listed in your F-Secure account (this is usually the Admin Contact listed on the Account). An example of notification received can be seen below;
Memset Managed Customers
If the server has Memset Managed Vulnerability Managed (usually included as part of our Premium Support offering) a notification will be sent to the Memset Support teams ticketing queue and will be reviewed shortly afterwards. Please allow up to 3 working days for the report to be reviewed.
We will advise on, or where possible fix issues identified as ‘Critical’ (only) according to current CVSSv3 scores and your Servers Configuration. If the issue can be resolved without operationally affecting the server e.g. upgrading the version of OpenSSL after a new Vulnerability is announced, then the work will be carried out and the Admin Contact listed on the Account notified of the work afterwards. However, should the needed work affect or have the potential to affect the normal running of the server e.g. upgrading the PHP or MySQL versions, then we will be in contact before making any changes explaining the issue at hand, the needed work and the possible ramifications of the work before making any changes. Only once confirmation is received will the work proceed.