This document explains how the CA Vulnerability Manager actually works.
CA Vulnerability Manager matches the network asset inventory with a database of possible threats and produces task lists that you can prioritize and use to secure the network from vulnerabilities.
CA Vulnerability Manager correlates technologies stored in asset profiles with a continuously updated database of validated vulnerabilities and best practice configuration standards to create a prioritized task list. The vulnerability and configuration standard information includes fixes, workarounds, and down-to-the-keystroke instructions to help system administrators address their systems' security needs.
The VM Services check for technologies (applications, databases, operating systems, configurations, patches) on the assets and return a list of those found. CA Vulnerability Manager then correlates this list of technologies to the database of vulnerabilities and configuration standards, producing the prioritized task list. System administrators can work through the risk-ranked task list to address the vulnerabilities and configuration standards that impact the security of their systems.