All Collections
Assets and Vulnerabilities
Vulnerabilities
Vulnerability Software and CVE Clusters
Vulnerability Software and CVE Clusters

View, prioritize and take action on vulnerabilities grouped by affected software or CVE

Updated over a week ago

About

When it comes to Cyber Security and vulnerability remediation, prioritization is everything. As a VM, you would want to prioritize the next group of vulnerabilities/assets that require remediation that can be grouped by a common remediation action, usually a software upgrade or patch. This is exactly what the Software Clusters and CVE Clusters views deliver.

Purpose

View and take unified action on vulnerabilities clustered by affected software or CVE

Use Affected Software Clusters and CVE Clusters to view, prioritize and take unified action on vulnerabilities grouped by the same affected software or by CVE. Vulcan Cyber will provide a high-level overview of your vulnerabilities grouped by the same software component collected from all relevant connectors. Take bulk action on clustered vulnerabilities via the same mitigation or upgrade task.

Highlights

  • Aggregate unique vulnerabilities based on Affected Software (e.g., Windows, Linux, Python, etc.);

  • Aggregate unique vulnerabilities based on CVE;

  • View the most vulnerable software components and take action with the highest impact on remediation;

  • Open tickets at scale based on affected software or CVE;

  • Achieve faster remediation results, lower the risk mass and improve the SPR

What do VM and CISOs get out of it?

  • For the VM (Vulnerability Manager), the main benefit is to provide decision-supporting information while spending less time drilling into huge amounts of data.

  • For the CISO, the main benefits are:

    • Understand where the most organizational software risk lies

    • Identify software components and CVEs that are most prevalent or have the most risk mass tied around them

    • Drive remediation actions with less effort

    • Drive unified remediation action by choosing to "Separate tickets per unique vulnerability", or to "Aggregate all contents to a single ticket (Up to 200 vulnerabilities per ticket)".

Software Clusters

  • Clusters vulnerabilities by "Affected software". For example, kernel, Firefox, Windows, bind, python, etc.

  • Sorts out the vulnerabilities by what interests you most, such as:

    • Risk Mass (by default) - from the highest to the lowest. This helps you understand what software components have more risk mass (affects the highest amount of vulnerabilities).

    • Max Risk

    • Amount of affected assets

  • Allows you to focus your clustered results using the Search and filter by parameters such as Threats, Tags, Vuln-tags, specific assets search, etc.

  • Allows you to sort your view by any other parameters you find relevant and important. Examples:

    • Filter by Business Groups to focus on specific business areas that are more important than others

    • Filter by Vendor to focus on vulnerabilities that are part of a team's focus, such as Windows or CentOS

    • Filter/Sort by the number of Assets linked to the vulnerabilities to focus on where you have more affected assets

CVE Clusters

  • Clusters vulnerabilities by CVE.

  • Sorts out vulnerabilities by what interests you most, such as:

    • Risk Mass (by default) - from the highest to the lowest. This helps you understand what CVEs have more risk mass (AKA, impacts the most amount of vulnerabilities)

    • Exploit Prediction Scoring System (EPSS) - ESPP is an estimate of the likelihood (probability) that a software vulnerability will be exploited in the wild.
      The EPSS metric is a pre-threat intelligence. If there is evidence that a vulnerability is being exploited, that information should supersede the EPSS score.

  • Allows you to focus your clustered results using the Search and filter by parameters such as Threats, Tags, Vuln-tags, specific assets search, etc.

Take Action on Software or CVE Clusters

Take a unified remediation action on vulnerabilities affecting the same software component

As VM, you can "Take Action" to drive unified remediation action in bulks. This means you can trigger an immediate remediation campaign (or more) on all vulnerabilities related to a specific software package or CVE and assign it to the person or a team.

  1. Go to Vulnerabilities > Software Clusters or CVE Clusters

  2. Click on the cluster that is relevant to you (you can search and filter to narrow down the results)

  3. Review the vulnerability cluster details and see all the related vulnerabilities and assets

  4. Select all or only a subset for remediation

  5. Click on "Take Action" and select your remediation method (Jira ticket, Service Now, Email, etc.)

  6. You can click the "Edit" next to the vulnerability to modify the content of the ticket, such as "Remedies to apply", and "Asset to patch":

  7. Select whether to:
    "Separate tickets per unique vulnerability";
    or to
    "Aggregate all contents to a single ticket (Up to 200 vulnerabilities per ticket)"

  8. Complete the ticket/email form as required

  9. Click "Open ticket" to set the remediation action into motion

  10. Once you "Open ticket", the remediation instructions are sent through the selected channel (JIRA, ServiceNow, Email, etc.,).

    The message sent contains simple package update instructions without remedy attachments - unlike the regular non-clustered tickets. The instructions should be applied to the grouped vulnerabilities to remediate them based on the affected software. The message does contain the package name and version you should upgrade the affected software.

  11. Every time you Take Action on an asset or a vulnerability, a campaign is created. This is a manual campaign because it is triggered manually by the user through the Vulnerabilities or Assets page.


Related Articles
Vulnerabilities Page
Vulnerability Details
Risk Calculation and Prioritization
Ticket Template Customization
Vulnerabilities Triage Best Practice
Did this answer your question?