Using the Vulnerability Management Explore page

The Vulnerability Management Explore page makes it easy for you to use risk meters, also known as groups, and to search for and filter data. When you first open the Explore page, if you click on All Groups, the first 500 of your organization's groups display in a drop-down list. To find the group that you want to see, start typing in the Search field. Once the group that you want to see displays in the list, click it to view its details.

If you have hierarchical risk meters defined, you can also see their hierarchy in the list. A group that has a hierarchy of groups has an arrow beside its name. Click the arrow and the descendants of the group display. A breadcrumb trail displays above the current group, which is another way to navigate through your groups. As you examine the child risk meters, the breadcrumb trail shows the path you are taking. You can click any of the items in the breadcrumb trail to display that group. In the following image, the hierarchy of groups is All Groups > Network Team > Network Team Child 1 > Network Team Grandchild 1.

For more information about groups, refer to the information here.

Using Asset Tags

Metadata about assets is called Tags in Cisco Vulnerability Management. Tags are automatically imported and synchronized with assets during connector runs. Tags can also be added using the UI or API. Tagging assets allows you to maintain a structure that you have already established in your scanner tools. Some common tags include Asset Groups and Tags from Qualys, Sites from Nexpose, Tags from Tenable, and various data fields from CMDB such as Model Number, Location, and Asset Tag. Tags help many customers filter and segregate data to build risk meters.

For more information about asset tags, refer to the information here.

Vulnerability Statuses

On the Vulnerability Management Explore page, you can modify the status of a vulnerability to help your team prioritize the vulnerabilities that matter and to track the lifecycle of your vulnerabilities. Cisco Vulnerability Management offers four vulnerability statuses:

Open: The vulnerability is still a risk in your organizational data and is available in Cisco Vulnerability Management for remediation. This is the default status for vulnerabilities.

Closed: The vulnerability has been remediated by your team. Once closed, it is removed from the Open vulnerability view.

Risk Accepted: The vulnerability truly represents a risk, but the business has decided not to remediate it for some reason. A good example of a Risk Accepted vulnerability is an Internet Explorer vulnerability on a server in a data center that is not accessed or Java vulnerabilities that cannot be remediated because a legacy application will not be replaced until the next fiscal year.

False Positive: The vulnerability identified in your scan file is not actually a vulnerability.

Modify the status of a vulnerability

  1. Navigate to the Vulnerability Management Explore page.
  2. Click the checkbox beside the vulnerability that you want to change the status for.
  3. Click Set Status.
  4. Select a vulnerability status option.

You will see the risk status that you’ve assigned to the vulnerability when you click one of the vulnerabilities in the table and view its details. You can also flag many vulnerabilities at once as either risk accepted or false positive in the Vulnerability table (or all at once using the Display drop-down). Once selected, just assign the new status using the drop-down.

Flagging a vulnerability as risk accepted or as false positive removes it from the risk meter score, because only open vulnerabilities contribute to an asset score. For Risk Meters that would have contained vulnerabilities that you marked risk accepted, you will see the Risk Meter's True Risk score on the Group Overview of the Reporting page.

You can add additional information to your vulnerability statuses (such as justification of the decision or a date to reevaluate) by creating a custom field for each. For Risk Accepted items, a Due Date is also recommended so that the business can revisit the decision to not remediate the risk. For more information on using custom fields, refer to the information here.
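
Because risk accepted and false positive items no longer count toward the score, it is worth checking regularly that each one still carries its justification and, for Risk Accepted items, a Due Date that has not passed. The following is an added example, not code from Cisco or from this article; the record layout and field names (status, justification, due_date) are assumptions standing in for whatever custom fields you create, and the sample records are constructed.

```python
from datetime import date

# Statuses that remove a vulnerability from the risk meter score (per the text above).
EXCLUDED_FROM_SCORE = {"risk_accepted", "false_positive"}

# Constructed sample records. Field names are assumptions for this example,
# not the product's export schema.
SAMPLE_VULNS = [
    {"id": 101, "status": "risk_accepted",
     "justification": "Legacy application replaced next fiscal year",
     "due_date": "2031-01-15"},
    {"id": 102, "status": "risk_accepted", "justification": "", "due_date": None},
    {"id": 103, "status": "risk_accepted",
     "justification": "Server not accessed", "due_date": "2024-03-31"},
    {"id": 104, "status": "false_positive", "justification": "  ", "due_date": None},
    {"id": 105, "status": "open", "justification": "", "due_date": None},
    {"id": 106, "status": "closed", "justification": "", "due_date": None},
]


def audit_exceptions(vulns, today):
    """Return {vuln_id: [problems]} for items excluded from the score."""
    findings = {}
    for v in vulns:
        status = v.get("status", "open")  # Open is the default status
        if status not in EXCLUDED_FROM_SCORE:
            continue
        problems = []
        if not (v.get("justification") or "").strip():
            problems.append("missing justification")
        if status == "risk_accepted":
            due = v.get("due_date")
            if not due:
                problems.append("missing due date")
            else:
                try:
                    if date.fromisoformat(due) < today:
                        problems.append("due date passed")
                except ValueError:
                    problems.append("unparseable due date")
        if problems:
            findings[v["id"]] = problems
    return findings


if __name__ == "__main__":
    for vuln_id, problems in audit_exceptions(SAMPLE_VULNS, date.today()).items():
        print(vuln_id, ", ".join(problems))
```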

Filter and search for data

You can use filtering options at the top of the page to help you search for identified vulnerabilities. You can select multiple options to refine the filtered view.

Here is what each of the filters does:

Top Priority: Identifies the highest priority vulnerabilities which will most improve your security posture if they are addressed.

Active Net Breaches: Identifies vulnerabilities that are being successfully exploited in the wild currently.

Easily Exploitable: Identifies vulnerabilities that are included in exploit kits or other public exploit sources.

Predicted Exploitable: Identifies the number of vulnerabilities that are predicted to become exploitable.

Malware Exploitable: Identifies the number of vulnerabilities actively exploited with Malware including Trojans, Worms, Ransomware, and more.

Popular Targets: Identifies the number of vulnerabilities that other Cisco Vulnerability Management clients are seeing in high volume.

Zero Days: Identifies 0-day vulnerabilities, which are recently discovered vulnerabilities (or bugs) that are not yet known to vendors or anti-virus companies and that hackers can exploit.

For more information about filtering, refer to the information here.

Custom Query String

In the Custom Query String Search bar, you can search for specific details about Assets, or Vulnerabilities. For example, you can search for an asset by ID: "asset_id:32716281", or a vulnerability by specific CVE identifier: "cve:2014-0160".

Filters section

You can also use the options in the Asset Filters and Vulnerability Filters sections to adjust the list that displays.

For more information about custom query strings and filtering, refer to the information here.

Create, Edit, and Delete a Risk Meter

Administrators, normal users, and custom users that have the "Edit Asset Groups" permission assigned to them can create, edit, and delete risk meters. For more information about risk meters, refer to the information here.

Create a Risk Meter

  1. On the Vulnerability Management > Explore page, in the Custom Query String field, or using the Asset Filters options, perform a search.
  2. After you have captured the assets or vulnerabilities that you want, click Save Group.
  3. In the Create Group pop-up window, type a name for the risk meter and choose the roles that can access it.
  4. Click Create Group.

Create a child risk meter

  1. On the Vulnerability Management > Explore page, use the search field to find the risk meter that you want to create a child risk meter for, and click it.
  2. Hover over the name of the risk meter.
  3. Click the plus (new) icon.
  4. In this Child Risk Meter view, add any additional filters and then click Save Child.
  5. In the Create Child Group pop-up window, enter a name and select any roles.
  6. Click Create Child.

Edit a Risk Meter

  1. On the Vulnerability Management > Explore page, use the search field to find the risk meter that you want to edit, and click it.
  2. Hover over the name of the risk meter.
  3. Click the pencil (edit) icon.
  4. Edit the group name, role permissions, or filters.
  5. Click Update Group.

Delete a Risk Meter

  1. On the Vulnerability Management > Explore page, use the search field to find the risk meter that you want to delete, and click it.
  2. Hover over the name of the risk meter.
  3. Click the trash can (delete) icon.
  4. In the Confirm Delete Risk Meter pop-up window, click Yes, Delete.
    Note: Deleting a risk meter permanently deletes all data from that meter and all its descendants.
