The Cisco Vulnerability Management Platform’s Threat Drawer provides insight into highly targeted exploits that could result in a breach. The graph indicates which vulnerabilities are being attacked and exploited successfully, how often, and whether attacks are trending up or down week by week. It uses CVEs that are breached and attacked to provide security analytics that expose which threats will be the most critical now, and over time.
The Threat Drawer is located on at the bottom of the Home Page.
By clicking the “Show” arrow, the drawer will open and provide the graph below.
Hovering over an individual bubble will open a pop-up informational window displaying pertinent information for that bubble. The information listed includes the CVE, percent change since the last week, volume (number) of attacks, and a brief description of the CVE.
For example, the recent CVE-2020-0601 Windows CryptoAPI Spoofing vulnerability (Crypt32.dll) from early 2020 shows an increase of 19% since last week (at the time this article was written).
If you click on one of these CVEs, your environment automatically takes you to view that vulnerability within your environment in the Explore page if you have the vulnerability. If you do not, the platform takes you to an explore page with 0 assets, 0 vulnerabilities, and 0 fixes signifying you do not have the vulnerability (open) in your environment.
Additionally, if you’d like to navigate back historically and view previous weeks, you can use the arrows on the left and right hand sides to navigate through the trends historically one week at a time.