Tips & Tricks for the Cisco Vulnerability Management Power User

1. Keyboard Shortcuts

Keyboard shortcuts are available from the Dashboard and Explore pages. Click the Keyboard Shortcuts link in the bottom right sidebar or just <shift>+?

2. Search Syntax Tips

Cisco Vulnerability Management offers many powerful ways to search your assets and vulnerabilities. For information about search examples, refer to the information here.

3. Threat Trends Click-Through

On the Home page, you can open the Threat Drawer at the bottom of the page and click on any of the attack or breach bubbles to filter your assets and display only those that are vulnerable to that attack or exploit.

4. Threat Trends History

Speaking of threat trends and keyboard shortcuts, there's a hidden shortcut within threat trends. By clicking on the left and right arrows, you can page through threat trends historically one week at a time.

5. Bulk Editing

You can edit multiple assets and vulnerabilities at the same time using the bulk editing menu. To edit multiple assets or vulnerabilities at the same time, select the ones you want to edit with the checkbox on the left side of the Asset or Vulnerability tabs. You can also select the checkbox at the upper left-hand side of the table to select all items on a page, then click the link to select all items across all pages if you want to bulk update all items. After you have selected the items that you want to change, at the top right-hand side of the table the bulk editor displays. For assets, you can set their priority score, add and remove tags, and mark them inactive or active. For vulnerabilities, you can create a ServiceNow or Jira ticket (requires a connector), change the status, set the due date or edit any custom fields. 

6. Custom Fields

You can create Custom Fields to store additional metadata associated with vulnerabilities. To create a new custom field, click the Settings icon in the upper right-hand side of the page, and select Custom Fields > Create Custom Field. Enter a name for your Custom Field, provide an optional description, select the field data type (string, numeric, or date), and if you'd like to filter your vulnerabilities on this field select the Faceted Search option, and click Save.
Once you have created your custom fields, you can add them to vulnerabilities either in bulk or one at a time. To add a custom field to an individual vulnerability, on the VM Explore page select the vulnerability in the list, click the arrow beside the vulnerability, and then click edit on the right-hand side of the screen.

If you chose to have faceted search available for your custom field, you will see a new item added in the search panel on the VM Explore page. As you add values to your custom field, they will appear as selectable checkboxes that can be used for quickly searching against those custom values.
For more information about Custom Fields, refer to the information here.

7. RBAC

You can restrict access in Cisco Vulnerability Management using Role Based Access Control (RBAC). To create a role, click on the Settings icon in the upper right-hand side of the screen and select Roles > Add Role. Enter a name for the role, select whether the role will have read only or read+write access, and enter the Risk Meters/Asset Groups the role will have access to. Save the role.

To assign a user to a role, click the Settings icon and select Users. You can edit an existing user or create a new user. Beside the user that you want to assign the role to, click the Edit icon, and in the Roles drop-down list, select the role. For more information about RBAC, refer to the information here.

8. Ticketing

If you have an existing ServiceNow, Jira, or Cherwell ticketing system, you can send vulnerabilities, fixes or Top Fix Groups to the ticketing system directly from Cisco Vulnerability Management. To start, create a connector for your ticketing system. Once the connector is in place, a ticket creation button will display in Cisco Vulnerability Management where ticket creation is possible. Relevant field data is automatically set for submission to the ticketing systems but you have control over group and owner assignments before you submit the ticket.

Once a ticket has been created, the 3rd party ticket number will be attached to all the related vulnerabilities and the ticket status will be updated automatically. Remember that closing a ticket will not close a vulnerability, only information from the scanner identifying the vulnerability as closed will close the vulnerability in Cisco Vulnerability Management. 
 

9. RESTful API

Have other data or systems that are not natively integrated into Cisco Vulnerability Management? You can still move data from Cisco Vulnerability Management to those system or from those systems into Cisco Vulnerability Management. the RESTful API allows for straight forward scripting to customize Cisco Vulnerability Management data as needed. Examples include, but are not limited to: exporting data to ticketing and reporting systems, importing asset priority information, and setting custom field data. You can find the full API documentation here.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.