Skip to main content
The Vulcan Analytics

An intro to Vulcan Analytics and system behavior of filters, data drilling, and data-validation

Updated over 5 months ago

About Vulcan Analytics

The data analytics in your Vulcan Platform offers statistical analysis of your Vulcan data to help you monitor the status and progress of vulnerabilities, SLAs, remediation, and much more. Use Vulcan Analytics to analyze and shape your cyber-security processes and improve decision-making.

The Vulcan Analytics offers:

  • Vulcan Reports: a collection of pre-defined reports made by the Vulcan Analytics team

  • Self-service Reports: the ability to create your own customized reports. Customized reports can be created by using:

    • Customized widgets (create your own widgets)

    • Pre-made widgets (from the Widgets Bank)


Available Vulcan Reports

Report

Description

Top Operational Findings

The Top Operational Report, prefiltered by Critical Unique Vulnerabilities in the "Vulnerable" or "In Progress" status, provides valuable insights into your organization's security posture and vulnerability management. The report helps you understand compliance percentage, total vulnerability count, and asset associations. Identify top vulnerabilities, prioritize remediation efforts, and track critical vulnerabilities across business groups. This concise and valuable report lets you make informed decisions to enhance your cyber security.

End of Life

The EOL Analytics report is designed to provide you with valuable analytics concerning the end-of-life (EOL) dates for operating systems (OS) and versions on hosts. Through the analytics section, you have the ability to access and analyze your EOL assets, gaining visibility into their overall status and progress across the organization and within specific business groups. This report relies on the end of life date open-source project to ensure accurate and up-to-date EOL indicators for your assets. It allows you to identify and highlight assets that have already reached their EOL date or are approaching it, empowering you to effectively prioritize and manage your remediation efforts. Furthermore, this report provides you with valuable insights into your EOL assets from different angles, such as OS, business groups, risk levels, and SPR (Security Patch Remediation). By leveraging these insights, you can gain a comprehensive understanding of the EOL assets within your organization.

Campaign Tracking

The Campaign Tracking report provides remediation KPIs such as MTTR (Mean Time to Remediation), average daily remediated/introduced vulnerabilities, and campaign coverage, generating a bigger picture of the remediation workload capacity in your organization. Use the "Filters" pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

CISO Management

The CISO Management report provides critical visibility into operating metrics like remediation status, campaign coverage and compliance, to ease accurate communication of operational status across the organization. This report is designed to help CISOs and other executives manage security and risk management relationships within the organization and deliver cyber risk performance benchmarks for each business group.

This report also identifies vulnerabilities with the greatest impact potential on the organization, reports the most common CVEs, and highlights industry-recognized Hot CVEs of the month. Use the "Filters" pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

CISO Executive

The CISO Executive report provides an executive-level summary of the industry KPIs presented in various Vulcan Cyber reports. It highlights security posture rating (SPR) and business group benchmarking, SLA compliance, and campaign coverage, as well as a Scatter Plot widget showing what Business Groups have the most impact on the organizational SPR. We recommend visiting this CISO persona-based report monthly or quarterly. Use the "Filters" pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

Security Posture Rating

The SPR report helps you understand how vulnerability response activities impact your security posture and its criticality to successful risk management. As critical vulnerabilities are remediated, the SPR is automatically adjusted to show your new overall risk. Because it is calculated by intelligent asset groupings, when an asset’s vulnerabilities are remediated, the overall security posture improves. The SPR (Security Posture Rating) Analytics report reflects your organization’s attack surface and cyber risk, analyzing your security posture rating over time. Use the "Filters" pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

Threat Intelligence

The Threat Intelligence report provides organizational analysis based on threat tags and main Threat intelligence frameworks, such as OWASP Top 10. The Threat Intelligence report compares CVSS risk scores to Vulcan's contextualized risk calculation, analyzes which CVEs have the most vulnerabilities, provides insight into the Risk Mass distribution in your organization, and presents you with the up-and-down shifts in vulnerability instances count over time. Use the "Filters" pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

SLA Tracking

The SLA Tracking report provides visibility into the overall status and progress of SLA across the organization and per Business Group. The SLA Tracking report is entirely based on the defined SLA policies. SLA Policies let you establish clear and measurable guidelines to monitor and measure vulnerability remediation across the organization. SLA policies are like a target, or a deadline, within which your team is expected to respond and resolve vulnerabilities. Once you define your SLA, you can start gaining valuable insight from the SLA Tracking report and re-assess your remediation efforts. Note that the report only counts assets with defined SLA (SLA days value is set to > 0). Use the "Filters" pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

MITRE ATT&CK

The MITRE ATT&CK interactive dashboard aligns vulnerabilities and risk management to the MITRE ATT&CK matrix to help implement a best practices approach to prioritization and mitigation. The widgets in this report map vulnerabilities in your environment to specific MITRE Tactics and Techniques using your preferred criteria and filters. You can drill into vulnerability details within the reports to learn more and take immediate action. Use the "Filters" pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

Risk Exception

The Risk Exception report evaluates the accepted risk posed by approved Exception Requests and ignored vulnerability instances from connectors, adding business context and helping the security team operate around the risk exception and compliance policies. The report is mainly based on the data on the Exceptions page > "Approved", and on the Vulnerabilities page > "Ignored". Use the "Filters" pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

Application Security

The Application Security report helps you understand the risk impact of Code Projects and Websites on your organization. Get visibility into AppSec-filtered MTTR, Assets SLA Compliance and Risk Mass. Use this actionable report to understand the impact of application vulnerabilities on your organizational cyber risk, prioritize remediation based on CWEs, and access AppSec-filtered assets and vulnerabilities tables to create remediation campaigns and fix application security weaknesses before they affect your users.

Scan Coverage

The Scan coverage report helps you understand scan-coverage aspects of the assets inventory in the organization. This report provides visibility on scanned vs. unscanned assets. Unscanned assets aren't scanned for vulnerabilities by the integrated vulnerability scanners. Use the "Filters" pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

Remediation Performance

The Remediation Performance report presents remediation KPIs such as MTTR (Mean Time to Remediation), average daily remediated/introduced vulnerabilities, campaign coverage stats, remediation across business groups, MTTR stats, and more. The report generates a wide perspective on the remediation workload capacity in your organization so you can better evaluate and estimate your remediation pace and performance. Use the "Filters" pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

PCI Report

The PCI compliance Vulnerability Management report helps you audit the Payment Card Industry Data Security Standard (PCI) and understand your PCI compliance status across PCI-relevant Business Groups. To work with the PCI report, you must first create dedicated PCI-relevant Business Groups that contain PCI assets. Use the "Filters" pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.


How to use Vulcan Analytics

To learn how to use Vulcan Analytics, click the “How to use Analytics” tutorial available on the top-right Analytics home page.

  • Learn about report functionality such as filtering, tooltips, cross-filter, visuals, custom widgets, and more;

  • Train stakeholders who are new to Vulcan Analytics with a simple tutorial.

Export Reports

To export the content of a report to a PDF:

  1. Enter the desired report.

  2. Optional: Apply filters.

  3. Click "Export".

    After a few seconds, a notification will appear confirming that the report will be sent to the email address of the Vulcan user.

  4. The report will be sent to the Vulcan user email address.

    Important: If you don't get the email, we suggest checking the spam folder, as there is a possibility that the email containing the report might end up there. If you find the email in the spam folder, please mark it as 'Not Spam' to ensure that you receive future reports smoothly.

PDF Example

Report Scheduler (Schedule Report Export)

The Report Scheduler automates the generation and delivery of reports in a PDF format. Instead of manually creating and distributing reports, the report scheduler lets you define a schedule and recipients, allowing the platform to automatically generate and send reports to relevant stakeholders.

  1. Select the frequency for generating automatic reports (Daily, Weekly, or Monthly). The Vulcan Platform emails the scheduled reports as follows:

    • Daily: At 07:30 UTC

    • Weekly: Every Monday, at 07:30 UTC.

    • Monthly: First day of the month, at 07:30 UTC.

  2. Set the regular recipients of the report out of the existing Vulcan users list. Only the recipients selected will receive the reports.

    Important: If the recipient doesn't get the email, we suggest checking the spam folder, as there is a possibility that the email containing the report might end up there. If the email is in the spam folder, mark it as 'Not Spam' to ensure receiving future reports smoothly.

Note: You can always edit or delete schedules.

Tooltips

Hover over a widget and click the question mark symbol to learn about the widget.

File:Icon-round-Question mark.svg - Wikipedia
tooltip

Cross-Filters

Select a data point of value in one visual to cross-filter the rest of the visuals. The related data in the visuals remain, while the unrelated data disappears.

Data Drilling

Data drilling is a capability that takes you from a more general view of the data to a more specific one. Simply use the up-down arrows available on the relevant widgets or hover over a data point and right-click to see the data drilling options available.

Note: Not every visual has the drill-down option.

Sort visuals and tables

You can change the sort of a visual or a table to focus on a different aspect or discover new insights. You can also sort alphabetically, numerically, descending, or ascending.

Filters

Apply filters to focus on more specific data. By applying multiple filters, you hide irrelevant data and focus on only what matters to you most.

  • Filter an entire report page: Use the available filters on the right Filters pane to impact the entire report.
    Note: Some filters are common to all reports, and some are enabled only for specific reports.

  • Filter a specific visual/widget: Select a specific visual/widget in the report, then use the filters pane on the right to apply the filters only on the selected visual.

The Period filter

To better analyze your cyber-security status and progress, use the Period filter to compare two pre-defined periods. For example, you can compare the last 30 days with the 30 days before.

You can select to compare the Last 7 Days, Last 30 Days, Last 60 Days, Last 90 Days, and Last Month (e.g., August vs. July).

When selecting a comparison period, the trends and data on the page adjust to show you the current and most relevant data compared to the previously selected date.

  • Positive change is indicated with the percentage without any prefixes.

  • Negative changes are indicated with a minus (-)

For example, the Security Posture Rating below shows 88.7%, and the % change from the last period is 0.10% in SPR (positive change).

In the example below, the %SPR in the 90 days between 05/30/2023 and 08/27/2023 is 0.10% more than in the period between 03/01/2023 and 05/29/2023. This means your SPR % has increased.

Business Group filter

This is one of the most important filters you'll use. Use the Business Groups filter to present data on a specific Business Group (or more) that interests you most or has the highest impact. This filter exists across the Vulcan Analytics Reports helping you narrow your data and focus on what matters.

Asset Tags Filter

Users can designate an asset tag as a filter within analytics. This is done by flagging a tag with the option "Use as a Filter in Analytics."

  • Universal report availability: Filtering reports by Asset Tags is available across all reports in the Vulcan Platform, ensuring comprehensive applicability.

  • Efficient integration flow: Once a tag is marked for use in analytics, it will be integrated into the reporting system within the next analytics build cycle, which takes up to 24 hours. This ensures a seamless and timely addition of new filters into the system.

  • Enhanced dashboard interactivity: Both widgets and dashboards can be filtered by specific tags allowing users to see the impact of individual tags.

  • Real-time impact analysis: By filtering dashboards and widgets with specific asset tags, users can gain immediate insights into how particular tags influence their security posture. This feature helps users make more-accurate decisions based on the specific characteristics and implications of each tag.

SLA Filter

This filter allows you to swiftly identify and segregate assets by their SLA compliance status. It addresses the challenge of manually tracking and ensuring SLA compliance for high and critical vulnerabilities across different business groups and assets, specifically focusing on those with high and critical vulnerabilities.

  • Business group specifics: View the number of assets within each business group alongside a detailed breakdown of those not meeting SLA requirements, offering a clear picture of compliance and areas needing attention.

  • Enhanced decision making: Gain immediate access to critical data points like the percentage of SLA-compliant assets, enabling informed decisions and targeted remediation strategies.

More filters

The following filters can be applied to some key reports:

  1. EPSS (Exploit Prediction Scoring System)

  2. CVSS (Common Vulnerability Scoring System)

  3. Vulnerability Publish Date: This date is sourced from the connector based on when the CVE was published in the cloud. If the publish date is not available, the field will be empty.

Supported Reports: Security Posture Rating, Remediation Performance, Campaign Tracking, SLA Tracking, Threat Intelligence Report, CISO Management Report, PCI Report, Application Security Report, Risk Exception Report, MITRE ATT&CK, End of Life, Top Operational Report.


Self-Service Analytics

You can create your customized analytics dashboard. Learn all about it here.


Analytics FAQ and Data Validation

Read our Analytics FAQ and Data Validation article here.

Did this answer your question?