From the Vulnerability Management Explore page, you can filter your asset and vulnerability data to create a unique view that will target specific information to support your remediation effort.
For fast creation of filters, we can use the facet selector boxes on the right-hand sidebar of the Vulnerability Management Explore page. By selecting more than one option, you can begin to build a more targeted or complex query. The option boxes are grouped into Asset and Vulnerability Filters. you can select checkboxes from either filter set and they will be applied to the content in the current view. You can expand the filter options to show the actual selectable options you can choose from.
Often organizations will create many filtered views that might be based on whether they are for example, active assets, tags, IP ranges, operating system type, geographical location or service ownership of assets or a combination.
At the same time, you can also create groups based on vulnerability options such as those belonging to a particular CVE group, a particular range of Cisco Security Risk Score or last seen within a particular date range. You can combine these options to create a more complex query.
It’s important to remember that both types of filter can be used together in a query too, so you can create a filter based on asset and vulnerability facets combined. For example, you can choose all assets in your organization that are based on a Windows OS asset and that has CVE-2020-1472.
The options included in the checkboxes are the “most commonly used” but only a small selection of the real power of the Cisco Vulnerability Management platform. Many more filter criteria are available using the Custom Query String search function which is based upon Lucene search expressions.
For the full list of available search criteria you can use, refer to the Search Terms article.
For more information about how you can build these search terms into a more complex query, refer to the Query Example article.
To access the Search Terms and Query Example information from the UI, click the small question mark icon (?) next to the “Custom Query String” input field on the Vulnerability Management Explore page.
Comments
Please sign in to leave a comment.