Vulnerability Management
Last updated
The Vulnerabilities page displays the complete details of all the vulnerabilities identified in the applications. The page displays the following panels:
The vulnerability prioritization panel displays the vulnerabilities in the form of graphs. Vulnerabilities are assigned priority ranks based on the Exploit Prediction Scoring System (EPSS), the Common Vulnerability Scoring System (CVSS), and Knowledge of Exploit Vulnerability (KEV).
EPSS
EPSS is a predictive model that estimates the risk of a vulnerability being exploited in the future. It considers the complexity of exploitation, the existence of publicly available exploits, and the potential impact of an exploit, and from these elements produces a score that indicates the risk associated with the vulnerability.
CVSS
CVSS is a framework for assessing the severity of vulnerabilities. It provides a standardized method for evaluating vulnerabilities based on various metrics, such as exploitability, impact, and complexity. The CVSS score, ranging from 0 to 10, helps you to prioritize the response efforts by identifying the most critical vulnerabilities.
KEV
KEV, or Knowledge of Exploit Vulnerability, refers to the availability of information about a vulnerability and its associated exploits. A high KEV indicates that detailed information about the vulnerability is publicly available, increasing the likelihood of exploitation. By considering KEV alongside EPSS and CVSS scores, you can gain a more comprehensive understanding of the risk posed by a vulnerability.
Based on this prioritization, vulnerabilities are ranked into the following six categories:
Priority 1+ - Top priority. These vulnerabilities are listed in CISA's Known Exploited Vulnerabilities database and represent a real threat.
Priority 1 (upper right quadrant) - Critical vulnerabilities that are most likely to be exploited. A vulnerability is in Priority 1 when its CVSS score is greater than 6 and its EPSS score is greater than 0.2.
Priority 2 (bottom right quadrant) - Vulnerabilities that may cause serious impact but are much less likely to be exploited. A vulnerability is in Priority 2 when its CVSS score is greater than 6 and its EPSS score is less than 0.2.
Priority 3 (upper left quadrant) - Vulnerabilities that are more likely to be exploited but would not cause serious impact. A vulnerability is in Priority 3 when its CVSS score is less than 6 and its EPSS score is greater than 0.2.
Priority 4 (bottom left quadrant) - Vulnerabilities that are less likely to be exploited and would not cause serious impact. A vulnerability is in Priority 4 when its CVSS score is less than 6 and its EPSS score is less than 0.2.
Unprioritized - Vulnerabilities that do not fall into any of the five priorities above are considered unprioritized.
The vulnerability optimization panel displays the unique vulnerabilities in groups. Because the same vulnerability is likely to occur across several deployments, the unique vulnerabilities are identified, grouped and displayed.
The graph depicts Unique Vulnerabilities as a subset of All Vulnerabilities, and Top Priority Vulnerabilities as a subset of Unique Vulnerabilities.
To avoid duplication of vulnerabilities, components impacted with the same CVE are grouped and displayed.
In the example shown below, components that are impacted by CVE-2024-22262 are grouped under it.
On clicking the CVE, a popup is displayed. The Show impacted components section displays the total number of components impacted by the selected CVE.
By expanding this section, all the components that are impacted are displayed as shown below:
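The example below is added here and is not the product's own code: it applies the six priority buckets defined above exactly as the page states them, then groups per-component findings by CVE to produce the All / Unique / Top Priority counts of the optimization panel. The CVE ids, component names and scores are constructed placeholders; a score that is missing or sits exactly on a cutoff matches none of the four quadrant rules, so it falls to "Unprioritized".

```python
# Thresholds exactly as the page states them; the comparisons are strict.
CVSS_CUTOFF = 6.0
EPSS_CUTOFF = 0.2

def priority(cvss, epss, in_kev):
    """Map one finding to the page's six buckets. in_kev (CISA KEV listing)
    overrides the quadrants; a missing score or one exactly on a cutoff
    matches no quadrant rule and lands in "Unprioritized"."""
    if in_kev:
        return "Priority 1+"
    if cvss is None or epss is None:
        return "Unprioritized"
    if cvss > CVSS_CUTOFF and epss > EPSS_CUTOFF:
        return "Priority 1"
    if cvss > CVSS_CUTOFF and epss < EPSS_CUTOFF:
        return "Priority 2"
    if cvss < CVSS_CUTOFF and epss > EPSS_CUTOFF:
        return "Priority 3"
    if cvss < CVSS_CUTOFF and epss < EPSS_CUTOFF:
        return "Priority 4"
    return "Unprioritized"

def group_by_cve(findings):
    """Collapse per-component findings into one entry per CVE so that a CVE
    seen across several deployments is counted once (the page's dedup rule)."""
    groups = {}
    for f in findings:
        g = groups.setdefault(f["cve"], {
            "priority": priority(f["cvss"], f["epss"], f["kev"]),
            "components": [],
        })
        if f["component"] not in g["components"]:
            g["components"].append(f["component"])
    return groups

def panel_counts(findings):
    """Numbers behind the optimization panel: all, unique and top-priority."""
    groups = group_by_cve(findings)
    top = sum(g["priority"] in ("Priority 1+", "Priority 1") for g in groups.values())
    return {"all": len(findings), "unique": len(groups), "top_priority": top}

# Constructed sample findings: placeholder CVE ids, components and scores.
SAMPLE_FINDINGS = [
    {"cve": "CVE-0000-0001", "component": "api/lib-a 1.0", "cvss": 9.8, "epss": 0.05, "kev": True},
    {"cve": "CVE-0000-0002", "component": "api/lib-b 2.3", "cvss": 7.5, "epss": 0.41, "kev": False},
    {"cve": "CVE-0000-0002", "component": "web/lib-b 2.3", "cvss": 7.5, "epss": 0.41, "kev": False},
    {"cve": "CVE-0000-0003", "component": "web/lib-c 0.9", "cvss": 4.3, "epss": 0.30, "kev": False},
    {"cve": "CVE-0000-0004", "component": "web/lib-d 1.1", "cvss": 6.0, "epss": 0.20, "kev": False},
]
```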
Jira tickets are created automatically for vulnerabilities and can also be created manually. If a vulnerability with a security issue is of Critical or High severity, the Jira ticket is created automatically; for other severities you can create one manually using the Create Jira Ticket option in the vulnerability details popup.
To create Jira tickets manually, follow the steps given below:
Expand the Show impacted components drop-down. All the components impacted by the selected vulnerability are listed.
Click the additional options menu (three dots).
Click the Create Jira Ticket option.
A Jira ticket is created and listed in the View Jira Ticket column as shown below:
If the vulnerability is of Critical or High severity, the Jira is automatically created by default and the ticket number is displayed as a tab as shown below:
You can click the View SSD-2880 tab to view the ticket details.
The smart search option in the Vulnerabilities details page is used to search for specific components based on Artifact, Component, Severity or Vulnerability.
Click the Search dropdown. The available search options are displayed.
Select the required option. A dropdown with the values specific to the selected option is displayed. For example, Vulnerability is selected as the search option as shown below:
Select the specific vulnerability value for which you want to find the components, and press Enter. The components with the selected vulnerability are displayed.
The displayed vulnerability page can be downloaded in either .CSV or .JSON format by clicking the Download button at the top right corner, as shown below:
The vulnerabilities can also be searched from the Application Dashboard page. The following example shows searching for applications based on Vulnerability on this page.
Select Vulnerability from the search dropdown, enter the vulnerability name as shown below, and press Enter. The applications with the given vulnerability are displayed.
Click an application. The environment in which the vulnerability is found is highlighted and the current deployments with the selected vulnerability are displayed as shown below.
Click on any Vulnerability count for the displayed current deployments.
The vulnerabilities details page is displayed. Click Search and select Vulnerability from the search options.
Now select the same vulnerability name from the displayed list. All the components related to the selected current deployment are displayed.