Creating a Custom Field in Kenna.VM

Kenna provides several informational fields by default, such as Risk Score, CVSS2.0 score, and CVE number. If there are additional values that you’d like to record on the vulnerability level, you can create a custom field. Custom fields allow you to apply additional metadata to vulnerabilities.

Data Types for Custom Fields

• Date

  • Supports a calendar date. A calendar date-picker displays when you edit the field. You can also input a date in MM/DD/YYYY format. Use it to mark the date a vulnerability was Risk Accepted or a date to review the vulnerability status (Risk Acceptance or False Positive review/re-validation).

• Numeric

  • Supports a number. It can include decimals and is limited to a maximum of six digits.

• Short String
  • Supports up to 50 characters of text. Use it for additional notes, marking the owner of a vulnerability, or any other text-based data.

• Long String 

  • Supports up to 500 characters of text. Use it to set a description of a vulnerability.

• Dropdown Menu

  • A list of static choices that appear when a user clicks on the title. Use it to list the level of priority for the vulnerability internally. For example, Low, Medium, High.

• Attachment Field

  • An attachment of up to 2MB. Supported attachment file types include .pdf, .jpeg, .jpg, .png, and .xlsx.

Creating a Custom Field:

1. From the gear in the upper right side of the window, in the dropdown menu, click Custom Fields.
   
   

2. Click Create Custom Field.
   
   
3. Enter values for the fields and click the VM radio button. If you want to filter on this field in Explore, click the Faceted Search checkbox. Click Save. 
   
   
   Note: Each unique entry in a custom field creates a new checkbox in Explore. For example, if you have four unique dates/numbers/text strings, four checkboxes are created.
4. After you define your custom fields, they are available for all vulnerabilities. You can now add data to these custom fields, individually, or in bulk if the entry you are adding is the same across a group of vulnerabilities.
   To add data in bulk:
   • Select the vulnerabilities to add data to and click Edit.
   • Select the custom field to edit and input the information. The changes are applied to all selected vulnerabilities. Click Save Changes. 
     
     
     
     
     
     To add data to a single vulnerability, there are two options:

• • • Select the vulnerability and click Edit.

    • Click the blue arrow (vulnerability details) on the right side of a vulnerability, and then change custom fields on the right side of the window.