The vulnerability list displays all the vulnerabilities in your system from all the different sources – be it infrastructure, application security or others. This is your single pane of glass for viewing, managing and remediating vulnerabilities.
Vulnerability risk status
The platform divides the vulnerabilities in it to four risk statuses, compatible with the vulnerability remediation lifecycle:
“Vulnerable” – vulnerabilities which represent risk to your organization. These can be pending or in progress.
“Fixed” vulnerabilities – vulnerabilities that their resolution was validated by a scan and were found to be remediated.
“Ignored” – vulnerabilities whose the user had accepted their risk or had chosen to “snooze” remediation activities related to them for a certain period of time.
The user can view the vulnerabilities filtered by their risk statys by clicking the relevant tab or choose to view all vulnerabilities by choosing the “All” tab.
Each vulnerability ingested to the Vulcan Platform is being enriched with assets and business-related data, consumed from connectors feeding the Vulcan platform (Cloud repositories, CMDBs, Agent-based platforms, Etc.) as well as threat intelligence (exploits, running campaigns, threat types) and remediation intelligence (patches, configuration changes, workarounds and compensating controls).
Table
The vulnerabilities are displayed in a table with the following fields:
Name – the vulnerability’s name as ingested from the source scanner
Risk – the assigned risk Vulcan’s risk algorithm calculated for the vulnerability
Source – the vulnerabilities source scanner
Discovery time – first known appearance of the vulnerability in the system
Status – The vulnerability’s status
Assets – number and type of assets vulnerable to this vulnerability
Threats – The threat intelligence that exists for this vulnerability in the wild – exploits, malware, OWASP Top 10 and more.
Business Groups – The Business Groups (see below) that the vulnerable assets belong to
Business groups
By clicking on the Business Group dropdown menu, and choosing a specific business group of the list, the vulnerability table will filter and show only vulnerabilities of the specific business group chosen, as well as the business associated risk.
Search bar
The search bar allows the user to build custom searches, based on different fields in the table, associated with the vulnerabilities, which will filter the vulnerability table accordingly. The user builds the search simply by clicking the search bar and choosing the parameter or parameters to search on.
In addition to the free text search, the following parameters are filterable in the Vulnerability list:
Risk level
Vulnerability source
Threats
CVSS
OS and version
Discovery time
Asset source
Qualys ID (QID)
CVE
SCCM patchable
Status
Tags
Excluded tags
Saved searches
Create a new Saved Search
To create a new Saved Search, follow these steps:
Use the search bar to filter the vulnerability list by your desired criteria.
Click “Save”.
Give your new Saved Search a meaningful name.
Click “Save”.
Edit an existing Saved Search
To edit an existing Saved Search, follow these steps:
Click the Saved Searches dropdown menu.
Find the Saved Search you want to edit.
Click the pencil icon.
Edit the Saved Search’s name.
Click “Save”.
Delete a Saved Search
To Delete an existing Saved Search, follow these steps:
Click the Saved Searches dropdown menu.
Find the Saved Search you want to edit.
Click the trashcan icon.
Click “Delete”.
Export
To export the vulnerability list to CVS, click the “Export” button. Note: the exported file will contain the vulnerabilities currently shown in the list, depending on the applied filter. To export all the vulnerabilities in your system, simply remove any filters from the search bar and click “Export”.