Kenna.AppSec allows users to dynamically create Applications within Cisco Vulnerability Management and use application security connectors to bring in vulnerabilities on those applications.
Create a New Application
Click the "Add Application" button at the top right of the main AppSec screen.
You'll be directed to the "Add Application" page, where you can fill in:
- Application Name - give your application a name that will be easy for you to identify
- Team Name - optional metadata for the team responsible for the application
- Application Owners - optional metadata on the owners of the application
- Business Units - optional metadata on the business unit responsible for the application
- Hostname - optional metadata
- Repo URL - optional metadata
- Notes - optional field for notes you want to keep on the application
- Application Identifier - required; the URLs/locator elements for the application you're defining. Include all URLs/locators that you want as part of your application.
Click "Save" to create your new application.
View Applications Scores
When you've added new applications, you'll be able to see their risk score on the main AppSec page. This score is calculated based on all the vulnerabilities found on the application locator identifiers you used as part of your application.
You can edit your application metadata or component URLs at any time. To consolidate items into a single Application, simply add Application Locators to the App via the "Edit Application" button, and selecting existing Locators from the dropdown, or typing out any new locators.
Select which applications you'd like to see, and add them, then click Save in the bottom left corner.
Clicking the "Overview" button for an application opens up the Application Overview page, which outlines the basics of the app and shows scores and metrics. You can see all the metadata you defined, as well as an overview of how the application is doing. There's also a link to the Explore view, where you can see the individual vulnerabilities that contribute to the application score (more in the next section on the Explore view).
You can update the Notes field from the Overview page to update your metadata. To update other metadata, use the Edit Application function from the AppSec home page.
Clicking the "Explore" button will direct you to the Explore tab, scoped to your application's vulnerabilities and fixes. It will also give you a "full stack" view, by showing you the underlying assets that power your application.
From the AppSec pulldown, there is an option to select "Reporting".
This will bring you to the AppSec reporting page . This page provides summary statistics and charts based on your defined applications.
The charts here show you:
- Total Risk Score Over Time - This chart shows you your total risk score for all your applications over time by risk score.
- Mean Time To Remediation by Business Unit - This chart shows how each of your Business Units are performing for remediation, if you're using business units metadata on your applications.
- Today's Application Risk Scatter Plot - This chart shows how your applications are scoring for the present day, to allow for easy comparisons between applications on both risk score and vulnerability count.