About

Vulcan's Self-Service Analytics allows you to Customize a Widget to create and personalize widgets according to your unique preferences and control the data you visualize and how you interact with it.

Creating a customized widget

Utilize Vulcan's widget builder to create and personalize visuals quickly.

Go to Analytics
Click on an existing customized report or "Add a Report" to create a new custom report.
Click on an existing custom widget to edit it, or click "New Widget" to begin designing your new visual.
In the widget builder, select the visual type, title, axis, legend, and tooltips to present the desired information. Example: Choose a bar chart, set the title as "Vulnerabilities Over Time," specify the X-axis as "Months," etc.
Learn all about the widget's customization options here.
Once configuring the widget, click "Create" to add it to the new report.

Customization options

For each widget you build, you need to grant it a name, write an indicative description (optional), select the visual type, and define the fields (x and y axis). You can customize the following:

Category (X-Axis) organizes data points.
Values (Y-Axis) represent the actual measurements.
Legend explains different elements or data series.
Tooltipoffers supplementary information when hovering over data points.

Category (x-axis)

The categories on the x-axis refer to distinct items being compared or displayed in the graph.

For example, in a Line Chart comparing MTTR data of External Facing Assets across different Months, the months would be the categories on the x-axis.

X-axis option	Description
Day	Presents data per day
Month	Presents data per month
Quarter	Presents data per quarter
Asset Type	Presents data by asset type (Host, Code Project, Image, Cloud Resource)
Risk Level	Presents data by Risk Level (Critical, High, Medium, Low)
Business Group	Presents data per business group. A Business Group is a collection of assets representing a Business Unit in your organization.
Dynamic	Presents data per Dynamic tag. A dynamic tag represents and indicates asset(s) owner(s).
External Facing	Presents data per external facing asset. An external-facing asset is an asset that can be accessed from outside the organization. For example, it can be open to the internet, providing content to anonymous users, internal employees, and business partners. Such assets are tagged with an External Facing tag.
Discovery Age	Show data by the discovery age of vulnerabilities in days (<30d, 30d-60d, 60d-90d, >90d)

Values (y-axis)

The values, represented on the y-axis, correspond to the data points or measurements in the graph. The y-axis represents the scale or numerical range against which these values are plotted.

For example, in a Column Chart showing Assets by Type (x-axis), the y-axis can indicate the SLA-Compoliancy for each category on the x-axis.

Y-axis option	Description
SPR	SPR threshold (0%-100%). SPRis the percentage of assets that comply with the security posture policy of the organization. The higher the SPR is, the more compliant your environment is with the organization's security posture.
Risk Mass	Risk mass is the sum of all the calculated atomic risks of all vulnerability instances at a given time.
Vulnerability Instances	Vulnerability instances count.
Asset SLA Compliance	Percentage of assets compliant with the organizational SLA policy. The SLA defines the days for a Critical/High/Medium/Low vulnerability to be fixed. Assets compliant with SLA are assets within the time-to-fix range defined in the SLA policy.
Campaign Coverage	Percentage of the category in the x-axis covered in campaigns (have a remedy campaign/ticket opened for them)
Assets SLA Exceeding (count/percentage)	Count/percentage of assets exceeding their SLA policy (past the due date to be fixed as defined in the SLA policy).
Average Vulnerability Age	Show data by the average vulnerability age in days (vulnerability age = the day a vulnerability was first identified on the asset).
Exception Requests	The number of exception requests opened for the category in the x-axis. The Vulcan Platform allows organizations to apply their risk-acceptance policy on vulnerabilities. The Exception Request flow in Vulcan enables users to create exception requests for vulnerabilities received in remediation tickets.
Vulnerability Instances with Exception Requests	The number of vulnerability instances that have an exception request opened for them.
MTTR	MTTR (Mean Time To Remediate) is the average time it took to remediate vulnerabilities from when it was identified to when it was remediated. The lower the MTTR is, the better your organization is doing regarding the time it takes to remediate vulnerabilities.
Vulnerability Instances approaching SLA	Count of vulnerability instances approaching the SLA due date (~20% to due date).
Scan Coverage	Percentage of scanned assets. The percentage of scan coverage is calculated this way: [# of Unscanned Assets] / [# of All Assets]
Scanned Assets	Scanned Assets are assets within your inventory that have undergone the scanning process through the scanner integrated with the Vulcan Platform.
Unscanned Assets (count/percentage)	Unscanned Assetsare assets that have been ingested from your inventory connector but have not undergone scanning through your scanner connector.

Legend

The legend is a visual guide that explains the meaning of different elements or data series in the graph. Each entry in the legend corresponds to a distinct color, pattern, or marker used in the graph.

For example, in a 100% Bar Chart showing the risk mass of vulnerabilities for the different asset types, the legend might explain the distribution of the risk mass across the affected Business Groups.

Legend	Description
Asset Type	Presents a legend of asset type (Host, Code Project, Image, Cloud Resource)
Risk Level	Presents a legend of Risk Level (Critical, High, Medium, Low)
Business Group	Presents a legend of business groups. A Business Group is a collection of assets representing a Business Unit in your organization.
Dynamic	Presents a legend of Dynamic tags. A dynamic tag represents and indicates asset(s) owner(s).
External Facing	Presents a legend of external facing assets. An external-facing asset is an asset that can be accessed from outside the organization. For example, it can be open to the internet, providing content to anonymous users, internal employees, and business partners. Such assets are tagged with an External Facing tag.
Discovery Age	Presents a legend of the discovery age of vulnerabilities in days (<30d, 30d-60d, 60d-90d, >90d)

Tooltip

A tooltip is a brief, contextual piece of information that appears when hovering over a specific data point or element in the graph. It provides additional details about that particular data point, helping the viewer understand its significance without cluttering the main graph area. Tooltips help give quick insights and aid in data exploration.

Tooltip option	Description
SPR	SPR threshold (0%-100%). SPRis the percentage of assets that comply with the security posture policy of the organization. The higher the SPR is, the more compliant your environment is with the organization's security posture.
Risk Mass	Risk mass is the sum of all the calculated atomic risks of all vulnerability instances at a given time.
Vulnerability Instances	Vulnerability instances count.
Asset SLA Compliance	Percentage of assets compliant with the organizational SLA policy. The SLA defines the days for a Critical/High/Medium/Low vulnerability to be fixed. Assets compliant with SLA are assets within the time-to-fix range defined in the SLA policy.
Campaign Coverage	Percentage of the category in the x-axis covered in campaigns (have a remedy campaign/ticket opened for them)
Assets SLA Exceeding (count/percentage)	Count/percentage of assets exceeding their SLA policy (past the due date to be fixed as defined in the SLA policy).
Average Vulnerability Age	Show data by the average vulnerability age in days (vulnerability age = the day a vulnerability was first identified on the asset).
Exception Requests	The number of exception requests opened for the category in the x-axis. The Vulcan Platform allows organizations to apply their risk-acceptance policy on vulnerabilities. The Exception Request flow in Vulcan enables users to create exception requests for vulnerabilities received in remediation tickets.
Vulnerability Instances with Exception Requests	The number of vulnerability instances that have an exception request opened for them.
MTTR	MTTR (Mean Time To Remediate) is the average time it had taken to remediate vulnerabilities from when it was identified to when it was remediated. The lower the MTTR is, the better your organization is doing regarding the time it takes to remediate vulnerabilities.
Vulnerability Instances approaching SLA	Count of vulnerability instances approaching the SLA due date (~20% to due date).
Scan Coverage	Percentage of scanned assets. The percentage of scan coverage is calculated this way: [# of Unscanned Assets] / [# of All Assets]
Scanned Assets	Scanned Assets are assets within your inventory that have undergone the scanning process through the scanner integrated with the Vulcan Platform.
Unscanned Assets (count/percentage)	Unscanned Assets are assets that have been ingested from your inventory connector but have not undergone scanning through your scanner connector.