The vulnerability list displays all the vulnerabilities in your system from all the different sources – be it infrastructure, application security, or others. This is your single pane of glass for viewing, managing, and remediating vulnerabilities.
Vulnerability risk status
The platform divides the vulnerabilities into four risk statuses, compatible with the vulnerability remediation lifecycle:
“Vulnerable” – vulnerabilities which represent a risk to your organization. These can be pending or in progress.
“Fixed” vulnerabilities – vulnerabilities that their resolution was validated by a scan and were found to be remediated.
“Ignored” – vulnerabilities the user had accepted their risk or had chosen to “snooze” remediation activities related to them for a certain time.
The user can view the vulnerabilities filtered by their risk status by clicking the relevant tab or view all vulnerabilities by choosing the “All” tab.
Each vulnerability ingested to the Vulcan Platform is being enriched with assets and business-related data, consumed from connectors feeding the Vulcan platform (Cloud repositories, CMDBs, Agent-based platforms, Etc.) as well as threat intelligence (exploits, running campaigns, threat types) and remediation intelligence (patches, configuration changes, workarounds and compensating controls).
Table
The vulnerabilities are displayed in a table with the following fields:
Name – the vulnerability’s name as ingested from the source scanner
Max Risk – the maximum risk that the Vulcan’s risk algorithm calculated for the vulnerability across all the assets with this vulnerability
Min Risk – the minimum risk that the Vulcan’s risk algorithm calculated for the vulnerability across all the assets with this vulnerability
Source – the vulnerabilities source scanner
First Seen – first known appearance of the vulnerability in the system
Last Seen – last time this vulnerability was confirmed to still be active in the system
Assets – number and type of assets vulnerable to this vulnerability
SLA – number of SLA's currently being breached
Business Groups – The Business Groups (see below) that the vulnerable assets belong to
Business groups
By clicking on the Business Group dropdown menu and choosing a specific business group from the list, the vulnerability table will filter and show only vulnerabilities of the specific business group chosen, as well as the business-associated risk.
Search bar
The search bar allows the user to build custom searches based on different fields in the table associated with the vulnerabilities, which will filter the vulnerability table accordingly. The user builds the search simply by clicking the search bar and choosing the parameter or parameters to search on.
In addition to the free text search, the following parameters are filterable in the Vulnerability list:
Above SPR Threshold
Asset Name
Asset source
Base Image
Connector
CVE
CVSS Score
Excluded tags
First Seen (days ago)
HackerOne Assigned To
Has Fix Type
OS
OS and version
Qualys ID (QID)
Risk level
SLA Status
Status
Tags
Threats
Time to SLA (days)
Vuln. Tags
Vulnerability source
Vulnerability type
Saved searches
Create a new Saved Search
To create a new Saved Search, follow these steps:
Use the search bar to filter the vulnerability list by your desired criteria.
Click “Save”.
Give your new Saved Search a meaningful name.
Click “Save”.
Edit an existing Saved Search
To edit an existing Saved Search, follow these steps:
Click the Saved Searches dropdown menu.
Find the Saved Search you want to edit.
Click the pencil icon.
Edit the Saved Search’s name.
Click “Save”.
Delete a Saved Search
To Delete an existing Saved Search, follow these steps:
Click the Saved Searches dropdown menu.
Find the Saved Search you want to edit.
Click the trashcan icon.
Click “Delete”.
Export
To export the vulnerability list to CVS, click the “Export” button. Note: the exported file will contain the vulnerabilities currently shown in the list, depending on the applied filter. To export all the vulnerabilities in your system, simply remove any filters from the search bar and click “Export”.