Quick Filtering of Asset & Vulnerability Content

From the Cisco Vulnerability Management Explore Screen, it is possible to “slice and dice” or “filter” your asset and vulnerability data in the Cisco Vulnerability Management platform to create a unique view that will target specific information to support your remediation effort.

For fast creation of filters, we can use the facet selector boxes on the right-hand sidebar of the Cisco Vulnerability Management Explore screen. By selecting more than one checkbox, we can begin to build a more targeted or complex query. The selector boxes are grouped into Asset and Vulnerability Filters. Checkboxes can be selected from either filter set and will apply to the content in the current view. The filter options can be expanded to show the actual selectable facets we can choose from.

Often organizations will create many filtered views that might be based upon whether they are active assets, tags, IP ranges, operating system type, geographical location or service ownership of assets or a combination of.

Filtering_.png

At the same time, we can also create groups based upon vulnerability facets such as those belonging to a particular CVE group, a particular range of risk score or last seen within a particular date range. Again, these facets can be combined to create a more complex query.

Filtering_2.png

It’s important to remember that both types of filter can be used together in a query too, so we are able to create a filter based upon asset and vulnerability facets combined. As an example, we might choose all assets in our organization that are based on a Windows OS asset and that has CVE-2020-1472.

The facets included in the checkboxes are the “most commonly used” but only a small selection of the real power of the Cisco Vulnerability Management platform. Many more filter criteria are available using our Custom Query String search function which is based upon Lucene search expressions.

For the full list of available search criteria we can use, please visit:

https://help.kennasecurity.com/hc/en-us/articles/206280593

For detail on how these search terms can be built into a more complex query, please visit;

https://help.kennasecurity.com/hc/en-us/articles/208062936

To access the above information quickly from the platform while using Cisco Vulnerability Management, please click the small question mark icon (?) next to the “Custom Query String” input field in the Explore Screen.

Filtering_3.png

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.