Applicable to Entuity v22.0 GA upwards
The Security Analysis dashboard allows you to view the results of vulnerability monitoring scans. From this dashboard you can also view a summary of your vulnerability monitoring configuration, and close, annotate, or assign reported CVEs to users.
The Security Analysis dashboard is available for Views and devices.
The types of event that are displayed on this dashboard are as follows:
- Potential Vulnerability event - raised if a CVE is matched against a device. This opens the Potential Vulnerability incident.
- Potential Vulnerability Patched event - raised if patch levels of Windows OS Server devices are matched against patched CVEs. This closes the Potential Vulnerability incident.
- Potential Vulnerability Cleared event - raised if no CVE is matched against a device following an earlier match. This closes the Potential Vulnerability incident.
For a View:
- Device Summary - this is a Pie Chart dashlet. This dashlet displays the number of devices grouped by vulnerability monitoring enabled ('on', green) and disabled ('off', red).
- Device CPE Summary - this is a Pie Chart dashlet. This dashlet displays the CPE statuses of the devices in the View, from the following: Device Disabled, No CPEs, No Scannable CPEs, Scannable CPE(s).
- CVE Summary - this is an Incidents Summary dashlet. This dashlet displays the number of open Potential Vulnerability incidents in the View, separated by severity. 'Potential Vulnerability' incidents represent reported CVEs raised against the devices.
  - This dashlet utilizes the filtered Incidents Summary functionality, enabling quick filtering of the Potential Vulnerabilities table (see below) by severity.
- Devices - this is a Table dashlet. This dashlet lists the devices in the View. This table details the following information:
  - Asset Name - device display name.
  - Enabled - whether the device is enabled for vulnerability monitoring, either On or Off.
  - CPE Count - number of CPEs assigned to the device.
  - Scannable CPEs - number of scannable CPEs assigned to the device.
  - Deprecated CPEs - number of deprecated CPEs assigned to the device.
  - Deprecated CPEs (Updated) - number of updated deprecated CPEs assigned to the device, meaning that their 'deprecated by' CPE exists on the server AND is assigned to the device.
  - Deprecated CPEs (No Update) - number of deprecated CPEs assigned to the device that have not been updated, meaning that their 'deprecated by' CPE does not exist on the server OR is not assigned to the device.
  - Unrecognized CPEs - number of unrecognized CPEs assigned to the device, meaning that their official ID has not been discovered in the local dictionary, if it exists.
  - Unresolved CPEs - number of unresolved CPE candidates assigned to the device.
  - CPE Status - CPE status of the device, from one of the following: Device Disabled, No CPEs, No Scannable CPEs, Scannable CPE(s).
  - Potential Vulnerabilities - number of reported CVEs/potential vulnerabilities found on the device during vulnerability monitoring scans.
- Potential Vulnerability Incidents - this is an Incidents List dashlet. This dashlet lists all open Potential Vulnerability incidents in the View. 'Potential Vulnerability' incidents represent reported CVEs raised against the devices. The severities can be filtered by selecting the corresponding severities in the CVE Summary Incidents Summary dashlet (see above).
For a device:
Note that in the above screenshot, "Scan Deprecated CPEs" is enabled. Therefore, all of the CPEs are "scannable" despite there being 42 deprecated CPEs (41 of which require an update).
Note that CPE objects are attached to the All Object View context. Views with filters that are outside the scope of the All Object View context will therefore not display CPE objects for selected devices on this dashboard. For further help and information on View filters, please see this article.
- CPE Summary - this is a Gauge dashlet. This dashlet displays the number of CPEs that are considered 'scannable' (in green) against the total number of CPEs for this device.
- Deprecated CPE Summary - this is a Gauge dashlet. This dashlet
- CVE Summary - this is an Incidents Summary dashlet. This dashlet displays the number of open Potential Vulnerability incidents in the View, separated by severity. 'Potential Vulnerability' incidents represent reported CVEs raised against the devices.
  - This dashlet utilizes the filtered Incidents Summary functionality, enabling quick filtering of the Potential Vulnerabilities table (see below) by severity.
- CPEs - this is a Table dashlet. This dashlet lists all CPEs assigned to this device. This table details the following information:
  - CPE Name - CPE Name/display name.
  - Title - title of the CPE (where applicable), as polled from the NIST CPE Dictionary.
  - Official ID - official ID of the CPE (where applicable), as polled from the NIST CPE Dictionary.
  - NVD Last Modified - timestamp of when the CPE was last modified (polled via the NIST API during the last vulnerability scan).
  - Deprecated - whether the CPE is deprecated, either Yes or No.
  - Unrecognized CPE - true if an official ID belonging to the CPE has NOT been discovered, false otherwise.
- Potential Vulnerabilities - this is an Incidents List dashlet. This dashlet lists all open Potential Vulnerability incidents in the View. 'Potential Vulnerability' incidents represent reported CVEs raised against the devices. The severities can be filtered by selecting the corresponding severities in the CVE Summary Incidents Summary dashlet (see above).