Tips & Tricks for the Cisco Vulnerability Management Power User

1. Keyboard Shortcuts

Keyboard shortcuts are available from the Dashboard and Explore pages. Want to know what they are? Click the Keyboard Shortcuts link in the bottom right sidebar or just press Shift+?

 

2. Search Syntax Tips

Cisco Vulnerability Management offers many powerful ways to search your assets and vulnerabilities. See here for a few examples you might find useful.

 

3. Threat Trends Click-Through

Clicking on any of the attack or breach bubbles within the threat trends view will filter your assets to display only those that are vulnerable to that attack or exploit. Didn't know threat trends existed? Go to the Dashboard and open the threat trends "drawer" by clicking on it at the bottom of your screen where it says "New Threats This Week".

 

4. Threat Trends History

Speaking of threat trends and keyboard shortcuts, there's a hidden shortcut within threat trends. By clicking on the left and right arrows, you can page through threat trends historically one week at a time.

 

5. Bulk Editing

You can edit multiple assets and vulnerabilities at a time using the bulk editing menu. To edit multiple assets or vulnerabilities at once, just select the ones you want to edit with the checkbox on the left side of the asset and vulnerability table. Choose the box at the upper left to select all items on a page, then click the link to select all items across all pages if desired. Once you have selected items, at the top right of the table you'll see our bulk editor. For assets, you can set their priority score, add and remove tags, and mark them inactive or active. For vulnerabilities, you can create a ServiceNow or Jira ticket (requires a connector), change the status, set the due date or edit any custom fields. 

 

6. Custom Fields

Custom Fields can be created to store additional metadata associated with vulnerabilities. To define a new custom field, click the gear icon in the upper right and choose Custom Fields. Click New Custom Field. Complete the form: name the field, provide an optional description, and select the field data type (string, numeric, or date). If you'd like to filter your vulnerabilities on this field, check the faceted search box. Then save it.

Once you have defined your custom fields, you can add them to vulnerabilities either in bulk via the method above or on an individual vulnerability. To set one for an individual vulnerability, just click on the vulnerability details arrow from the Explore screen and then click edit on the right-hand side of your screen.

If you chose to have faceted search available for your custom field, you will see a new item added in the search panel on the main Explore page. As you add values to your custom field, they will appear as selectable checkboxes that can be used for quickly searching against those custom values. 

 

7. RBAC

You can restrict access in Cisco Vulnerability Management using Role-Based Access Control (RBAC). First, you'll need to create a role by clicking the gear in the upper right of your screen and selecting user roles. Select New Role and complete the form: name the role, select whether the role will have read only or read+write access, and enter the Risk Meters/Asset Groups the role will have access to. Next, save the role.

To assign a user to a role, click the gear in the upper right and select users. You can edit an existing user or create a new user. In the user form, select the role from the role drop-down and save it. Done.

 

8. Ticketing

If you have an existing ServiceNow, Jira, or Cherwell ticketing system, you can send vulnerabilities, fixes or Top Fix Groups to the ticketing system directly from Cisco Vulnerability Management. Start by creating a connector for your ticketing system. Once the connector is in place, a ticket creation button will appear across the platform where ticket creation is possible. Relevant field data is automatically set for submission to the ticketing system, but you have control over group and owner assignments before you submit the ticket.

Once a ticket has been created, the third-party ticket number will be attached to all the related vulnerabilities and the ticket status will be updated automatically. Remember that closing a ticket will not close a vulnerability. Only information from the scanner identifying the vulnerability as closed will close the vulnerability in Cisco Vulnerability Management.

 

9. RESTful API

Have other data or systems that are not natively integrated into Cisco Vulnerability Management? You can still move data from Cisco Vulnerability Management to those systems or from those systems into Cisco Vulnerability Management. Our RESTful API allows for straightforward scripting to customize Cisco Vulnerability Management data as needed. Examples include, but are not limited to: exporting data to ticketing and reporting systems, importing asset priority information, and setting custom field data. You can find the full API documentation here: https://api.kennasecurity.com
