Viewing the vulnerabilities table

Expand all | Collapse all

The vulnerabilities table is displayed in the Vulnerabilities section of the application web interface. The table may display information about vulnerabilities in an Active state and vulnerabilities in either a Remediated or Accepted state.

When viewing the vulnerabilities table, you can use the following functions:

• Configure the display and order of columns in the vulnerabilities table.

  To configure the list of columns displayed in the table:

  1. In the Vulnerabilities section, click the Customize table link to open the window for configuring how the table is displayed.
  2. Select the check boxes opposite the settings that you want to view in the table. You must select at least one setting.

     The following settings are available for selection:

     • CVE.

       CVE ID of the detected vulnerability.

     • Device group.

       Name of the group containing the device with the detected vulnerability (contains the name of the group and the names of all its parent groups).

     • Device

       Name and IP address of the device (if an IP address is not assigned, the MAC address is displayed).

     • CVSS score.

       Assessment of the severity of the vulnerability according to the Common Vulnerability Scoring System (CVSS). The severity of the vulnerability is designated by a numerical score. Depending on the severity, the score may have one of the following colors:

       • Red designates a vulnerability with High severity.
       • Yellow designates a vulnerability with Medium severity.
       • Blue designates a vulnerability with Low severity.

       For vulnerabilities in the Active state, the score is brightly colored. If a vulnerability is switched to the Remediated or Accepted state, its score is faintly colored.

     • State.

       Current state of the vulnerability. The following states are available:

       • Active is the automatically set state of a vulnerability when it is first detected (and when it is detected again after the vulnerability was in the Remediated state). You can also manually switch a vulnerability to the Active state from the Accepted state.
       • Remediated is the automatically set state of a vulnerability if the device information no longer matches database fields that describe a vulnerability with the same CVE (including if the device has been deleted or if the vulnerability description has been removed from the database of known vulnerabilities).
       • Accepted. A vulnerability can be manually switched to this state from the Active state if the risk associated with exploitation of this vulnerability is considered to be negligible or mitigated by organizational measures.
     • Published.

       Date and time when information about the vulnerability was published by the hardware or software vendor (VendorAdvisory).

     • First detected.

       Date and time when the vulnerability was first detected based on device information.

     • Last detected.

       Date and time when the vulnerability was last detected based on device information.

     • Attack conditions.

       Description of the attack conditions.

     • Impact.

       Description of the potential effects from exploitation of the vulnerability.

     • Matched CPE.

       Descriptions of devices stored in the database of known vulnerabilities. These are descriptions that match device information in the devices table. Descriptions are provided in CPE language format (Hardware CPE code / Software CPE code) and in text format (Hardware description / Software description).

     • Vector.

       Record of metrics used to calculate a CVSS vulnerability score.

     • Description

       Text description of the vulnerability from the database of known vulnerabilities.

  3. If you want to change the order in which columns are displayed, select the name of the column that needs to be moved to the left or right in the table and use the buttons containing an image of the up or down arrows.

  The selected columns will be displayed in the vulnerabilities table in the order you specified.

• Filtering based on standard periods
  To configure vulnerability filtering based on a standard period:

  1. In the Vulnerabilities section, perform one of the following actions:
     • Open the Detection period drop-down list in the toolbar.
     • Click the filtering icon in the Last detected column.
  2. In the drop-down list, select one of the standard periods:
     • Last 24 hours.
     • Last week.
     • Last month.
     • Last year.

  The table will display vulnerabilities for the period you specified.

• Filtering based on a specified period
  To configure vulnerability filtering based on a specified period:

  1. In the Vulnerabilities section, perform one of the following actions:
     • Open the Detection period drop-down list in the toolbar.
     • Click the filtering icon in the Last detected column.
  2. In the drop-down list, select Specify a period.

     The start and end date and time of the filtering period are displayed on the right of the drop-down list.

  3. Click the date of the start or end of the period.

     The calendar opens.

  4. In the calendar, specify the date for the start and end boundaries of the filtering period. To do so, select a date in the calendar (the current time will be indicated) or manually enter the value in the format DD-MM-YYYY hh:mm:ss. If you don't need to specify the date and time of the filtering period end boundary, you can choose not to select a date or you can delete the current value.
  5. Click OK.

  The table will display vulnerabilities for the period you specified.

• Filtering based on table columns

  To filter vulnerabilities by the CVE, Device, Attack conditions, Impact, Vector or Matched CPE column:

  1. In the Vulnerabilities section, click the filtering icon in the relevant column of the table.

     The filtering window opens.

  2. In the Including and Excluding fields, enter the values for vulnerabilities that you want to include in the filter and/or exclude from the filter.
  3. If you want to apply multiple filter conditions combined by the logical operator OR, in the filter window of the selected column click the Add condition button and enter the condition in the opened field.
  4. If you want to delete one of the created filter conditions, in the filter window of the selected column click the icon.
  5. Click OK.

  To filter vulnerabilities by the CVSS score or State column:

  1. In the Vulnerabilities section, click the filtering icon in the relevant column of the table.

     When filtering by CVSS score or state, you can also use the corresponding buttons in the toolbar.

     The filtering window opens.

  2. Select the check boxes opposite the values by which you want to filter events. You can clear or remove all check boxes by clicking the link that is displayed in the upper part of the filter window.
  3. Click OK.

  To filter vulnerabilities by the Device group column:

  1. In the Vulnerabilities section, click the filtering icon in the Device group column.

     The filtering window opens.

  2. Click the icon in the right part of the field to indicate the group.

     The Select group in tree window appears.

  3. In the device group tree, select the relevant group and click the Select button.

     The path to the selected group will appear in the field in the filter window.

  4. If you want to apply multiple filter conditions combined by the logical operator OR, in the filter window click the Add condition (OR) button and specify a different group in the opened field.
  5. If you want to delete one of the created filter conditions, in the filter window click the icon.
  6. Click OK.

  To filter devices by the Published or First detected column:

  1. In the Vulnerabilities section, click the filtering icon in the relevant column of the table.

     The calendar opens.

  2. In the calendar, specify the date and time for the start and end boundaries of the filtering period. To do so, select a date in the calendar (the current time will be indicated) or manually enter the value in the format DD-MM-YY hh:mm:ss.
  3. Click OK.
• Vulnerability Scan

  To find relevant vulnerabilities:

  In the Vulnerabilities section, enter your search query into the Vulnerability Scan field. The search is initiated as you enter characters.

  The table will display the vulnerabilities that meet the search criteria.

  A search is performed in all columns except the CVSS score, State, Published, First detected and Last detected columns.

• Resetting the defined filter and search settings

  To reset the defined filter and search settings in the vulnerabilities table:

  In the toolbar in the Vulnerabilities section, click the Default filter button (this button is displayed if search or filter settings are defined).

• Sorting vulnerabilities

  You can sort vulnerabilities displayed in the vulnerabilities table. You can sort by the values of any column except the Description column.

  To sort vulnerabilities:

  1. In the Vulnerabilities section, click the header of the column by which you want to sort.
  2. If you need to sort the table based on multiple columns, press the SHIFT key and hold it down while clicking the headers of the columns by which you want to sort.

  The table will be sorted by the selected column. When sorting by multiple columns, the rows of the table are sorted according to the sequence of column selection. Next to the headers of columns used for sorting, you will see icons displaying the current sorting order: in ascending order or descending order of values.