From the Kenna VM Explore Screen, it is possible to “slice and dice” or “filter” your asset and vulnerability data in the Kenna Security platform to create a unique view that will target specific information to support your remediation effort.
For fast creation of filters, we can use the facet selector boxes on the right-hand sidebar of the Kenna VM Explore screen. By selecting more than one checkbox, we can begin to build a more targeted or complex query. The selector boxes are grouped into Asset and Vulnerability Filters. Checkboxes can be selected from either filter set and will apply to the content in the current view. The filter options can be expanded to show the actual selectable facets we can choose from.
Often organizations will create many filtered views that might be based upon whether they are active assets, tags, IP ranges, operating system type, geographical location or service ownership of assets or a combination of.
At the same time, we can also create groups based upon vulnerability facets such as those belonging to a particular CVE group, a particular range of risk score or last seen within a particular date range. Again, these facets can be combined to create a more complex query.
It’s important to remember that both types of filter can be used together in a query too, so we are able to create a filter based upon asset and vulnerability facets combined. As an example, we might choose all assets in our organization that are based on a Windows OS asset and that has CVE-2020-1472.
The facets included in the checkboxes are the “most commonly used” but only a small selection of the real power of the Kenna Security platform. Many more filter criteria are available using our Custom Query String search function which is based upon Lucene search expressions.
For the full list of available search criteria we can use, please visit:
For detail on how these search terms can be built into a more complex query, please visit;
To access the above information quickly from the platform whilst using Kenna VM, please click on the small question mark icon (?) next to the “Custom Query String” input field in the Explore Screen.
Please sign in to leave a comment.