Vulnerability Management Extra - Vulnerabilities

Introduction

The "Vulnerabilities" menu of the Vulnerability Management Extra is where the results of the data ingested from the vulnerability management platform(s) are displayed.  This menu is broken down into two separate pages.  The "Triage Vulnerabilities" page is where you will see the list of all vulnerabilities that have not yet been hidden or triaged.  The "View Risks" page is where you will see the list of all vulnerabilities that have been triaged into risks.


Triage Vulnerabilities

The "Triage Vulnerabilities" page will be populated with the list of all vulnerabilities that have not yet been hidden or triaged.  At the top of the page, you will see how many vulnerabilities there are which need to be triaged.  Below that, you will see a table with five columns.  The rows in this table are ordered first by the "Score" column and then by the "Affected Assets" column, so that the highest priority vulnerabilities are displayed at the top of the page.




The first column, labeled "Triage", shows a green check and a red X icon.  When the green check is selected, the vulnerability displayed in that row will be removed from the "Triage Vulnerabilities" table.  A risk will be created for that vulnerability and the assets which have that vulnerability will be associated with the new risk.  The "View Risks" page will be updated to show that vulnerability and a link to the newly created risk.  If the red X icon is selected, the vulnerability will be removed from the "Triage Vulnerabilities" table, but no risk will be created for it.  There is currently no way to get vulnerabilities back (using the user interface) once a vulnerability has been hidden.



The second column, labeled "Score", will display the CVSS score that is associated with the vulnerability in that row.  This value comes from the vulnerability management platform and will be used to score the newly created risk, if you elect to triage the vulnerability.  CVSS scoring will automatically be used for new risks and the score can be updated for that risk after it has been created.




The third column, labeled "Title", will display the name of the vulnerability in that row.  This value typically represents a high-level name for the vulnerability and will be used for the risk "Subject" field in the newly created risk.


The fourth column, labeled "Description", will display a more detailed description of the vulnerability in that row.  This value will be used for the "Risk Assessment" field in the newly created risk.


The fifth column, labeled "Affected Assets", will display the total number of assets that have been found to be associated with the vulnerability in that row.  Once a vulnerability has been triaged into a risk, as long as the assets exist in the asset inventory (see "Configure" for instructions on how to enable this), each of these assets will be associated with the risk.


View Risks

The "View Risks" page will be populated with the list of all vulnerabilities which have been triaged into risks, regardless of whether they were triaged manually or automatically.  At the top of the page, you will see how many vulnerabilities have been triaged.  Below that, you will see a table with five columns.  The rows in this table are ordered first by the "Score" column and then by the "Affected Assets" column, so that the highest priority risks are displayed at the top of the page.




The first column, labeled "Risk ID", will show the ID of the risk that was created when the vulnerability was triaged.  Clicking on the risk ID will open up that risk in a new browser tab.




The second column, labeled "Score", will display the CVSS score that is associated with the risk in that row.


The third column, labeled "Title", will display the name of the risk in that row, which matches the "Subject" field of the risk created when the vulnerability was triaged.


The fourth column, labeled "Description", will display a more detailed description of the vulnerability in that row, which matches the "Risk Assessment" field of the risk created when the vulnerability was triaged.


The fifth column, labeled "Affected Assets", will display the total number of assets that are associated with the newly created risk.
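To make the behaviour of both pages concrete, here is an added Python model (not code from the Vulnerability Management Extra itself) of the triage queue described above: rows are ordered by Score and then by Affected Assets, the green check turns a row into a risk whose Subject, Risk Assessment and score come from the vulnerability's Title, Description and CVSS score, only assets present in the asset inventory are attached, and the red X drops the row without creating a risk. The class and field names, the sample findings and the inventory are all constructed for illustration.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Vulnerability:          # one row of the "Triage Vulnerabilities" table
    title: str
    description: str
    score: float              # CVSS score supplied by the platform
    affected_assets: tuple    # asset names reported by the platform
@dataclass
class Risk:                   # one row of the "View Risks" page
    risk_id: int
    subject: str              # from the vulnerability "Title"
    risk_assessment: str      # from the vulnerability "Description"
    score: float              # CVSS score carried over from the vulnerability
    assets: tuple             # only assets that exist in the asset inventory
def triage_order(rows):
    """Order rows as both tables do: Score descending, then Affected Assets descending."""
    return sorted(rows, key=lambda r: (-r.score, -len(r.affected_assets)))

class TriageQueue:
    def __init__(self, vulns, inventory):
        self.pending = list(vulns)      # not yet hidden or triaged
        self.inventory = set(inventory)
        self.risks = []                 # created by triage, listed on "View Risks"
        self._next_id = 1

    def triage(self, vuln):
        """Green check: remove the row and create a risk from it."""
        self.pending.remove(vuln)
        assets = tuple(a for a in vuln.affected_assets if a in self.inventory)
        risk = Risk(self._next_id, vuln.title, vuln.description, vuln.score, assets)
        self._next_id += 1
        self.risks.append(risk)
        return risk

    def hide(self, vuln):  # red X: remove the row, create no risk (no UI path to restore)
        self.pending.remove(vuln)
# Constructed sample findings and inventory; hypothetical, not real data.
SAMPLE_VULNS = [
    Vulnerability("Outdated TLS configuration", "Server still accepts TLS 1.0", 7.4, ("web-01", "web-02")),
    Vulnerability("Missing security patches", "Vendor patches not applied", 9.8, ("db-01",)),
    Vulnerability("Default credentials", "Service uses vendor default login", 9.8, ("app-01", "app-02", "app-03")),
]
SAMPLE_INVENTORY = {"web-01", "db-01", "app-02"}
def demo():
    queue = TriageQueue(SAMPLE_VULNS, SAMPLE_INVENTORY)
    ordered = triage_order(queue.pending)
    risk = queue.triage(ordered[0])   # green check on the top-priority row
    queue.hide(ordered[-1])           # red X on the lowest-priority row
    return ordered, risk, queue
```

Note that the two 9.8 findings tie on Score, so the one with more affected assets sorts first, and that "app-01" and "app-03" are dropped from the risk because they are not in the inventory.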