Protect4S - VM User Guide
  • Protect4S - VM User Guide
  • Introduction
    • Quick setup
    • Support
    • Protect4S VM place in SAP system landscape
  • Pre-conditions and installation
    • Supported operating system and database types
    • Software version requirements
    • Recommendations
    • Heterogeneous database connections
  • Protect4S VM Software Installation
    • Add-On Installation, import support packages and upgrade
    • Installation post-processing
  • Create Protect4S VM users and roles
    • Distribution of satellite roles
    • satellite system ABAP RFC user using wizard
    • satellite system ABAP RFC user MANUAL SETUP
    • satellite system JAVA user
    • satellite system database user
    • satellite system operating system user
    • Operating system user other than <sid>adm
    • Satellite system BusinessObjects user
  • Check and set Application settings
  • Protect4S VM Menu
  • Execute the Quick setup
    • Company
    • Systems
      • Creating an ABAP system
      • Creating a JAVA system
      • Creating a BusinessObjects BI system
      • Creating a HANA standalone system
      • Creating a SAP Web Dispatcher system
      • Creating a SAProuter system
      • Creating a SAP Cloud Connector system
      • SAPControl security settings
  • Create a project
    • New project
    • New Scan
  • Check Template
  • Contact persons and Scan subscription
    • Contact persons
    • Scan subscriptions
  • Reports
    • Scan result
    • Scan results information
    • System tab
    • Company tab
    • Scan statistics tab
    • Check overview
    • Risk history
    • Scan statistics
    • Scan export
    • Mitigation report
    • Scan comparison
    • Management overview
    • Connection map
  • Mitigation of Vulnerabilities
    • Mitigation menu
  • Check exemptions
  • SIEM Interface
  • Integration
    • Incident Management
  • Information and support
    • Welcome menu
    • Product information
    • Check information
    • Change log
    • User Guide
    • Report a software defect
    • Feature request
  • Deinstallation
  • Appendix A: Troubleshooting Satellite System connection issues
    • SAPControl connections
    • Database connection
    • JAVA connection
    • HTTPS certificate errors
  • Appendix B: Installation database libraries
    • IBM DB2
    • MSSQL
    • MaxDB
    • Oracle
    • SAP Sybase
    • SAP HANA
  • Appendix C: satellite system Communication Ports
  • Appendix D: Protect4S VM SICF Services
  • Appendix E: using a server group
  • Appendix F System context
  • Appendix G DNS resolving
  • Appendix H Dump in Scan subsciptions
  • Appendix I HTTPURLLOC table
  • Appendix J - Risk Matrix
  • Appendix K - Short dump function module "PFL_GET_SINGLE_PARAMETER" not found
  • FAQs
    • General
    • Installation
    • Configuration
    • Projects and scans
  • Contact us
Powered by GitBook
On this page
  • Display-related settings
  • Check information

Was this helpful?

  1. Reports

Check overview

PreviousScan statistics tabNextRisk history

Last updated 2 years ago

Was this helpful?

The complete detailed list of checks that were executed during the scan may be accessed by pressing the "Check overview" button in the "Scan results" screen:

A list of checks is shown in the same tab. The list is sorted descending on the risk level- and ascending on mitigation effort columns.

The list may be sorted differently by the user by clicking on the column header. There are a number of display-related settings that may be changed by clicking on the "Display settings" icon.

Display-related settings

The display type dropdown menu has 3 available list formats:

  • List : the default overview, a standard list without hierarchy levels

  • Tree : a hierarchical view containing the group and subgroup headers of all checks as well as the checks themselves

  • Group/Subgroup: a collapsible hierarchical view containing the group and subgroup headers

The Risk weighting factor may be changed to favor either Impact and Likelihood. When the slider is adjusted, the relative weights of Impact and Likelihood values are changed, the Risk level is recalculated and the check overview is re-sorted.

The check result selection determines which checks will be shown in the list. For example it is also possible to view only the checks that passed by selecting "Pass".

All these user settings may be saved as a default setting. The next time the user accesses the check overview, these settings will be applied automatically.

You may find out why a certain check failed by selecting the display icon at the start of a record:

In the example above, a check was done to determine the SAP Standard users with known default passwords. The check failed because one such user (TMSADM) was found to exist in client 000 of the satellite system.

Check information

Each Check is supplied with detailed information regarding: Vulnerability, Solution and References:

The check tab contains a description of the check and shows some of its properties: whether it is client-dependent or instance-dependent and which platform layer it belongs to.

Some checks may have parameter values (thresholds). The check parameters tab shows the reference value that was used in execution of the check. In the example below, a check was made whether the SAP parameter login/password_lng contained a value larger or equal than 10:

The vulnerability tab contains a short description of the vulnerability:

The solution tab shows a a proposed best practice to mitigate this specific risk:

The references tab shows links to relevant SAP OSS Notes and SAP Help pages:

Accessing the Check overview
Check overview
Display-related settings
Check result
Check information - Check tab
Check information - Check parameters tab
Check information - Vulnerability tab
Check information - Solution tab
Check information - References tab