Vulnerability Details Page
The Vulnerability Details page in the IoT Security portal displays a summary of a detected vulnerability, its impact, and recommended actions.
Clicking the CVE (Common Vulnerabilities and Exposures) link in the Vulnerability column or a number in the Confirmed Instances or Potential Instances column on the Vulnerabilities page opens the Vulnerability Details page for that vulnerability. Here you can read a description of the vulnerability, the impact it can cause, recommended actions you can take to remediate it, and see which devices the vulnerability affects or potentially affects.
At the top of the Vulnerability Details page are several important attributes:
- The CVE ID links to a page about the vulnerability in the National Institute of Standards and Technology NIST database. For example, clicking CVE-2018-18568 opens https://nvd.nist.gov/vuln/detail/CVE-2018-18568.
- The CVSS (Common Vulnerability Scoring System) score ranks the vulnerability on a scale of 0-10, where 0 is the least severe and 10 is the most.
- The IoT Security rating system, which is based on the CVSS, categorizes a vulnerability score into one of several severity levels. There are two CVSS versions and both are presented:
- The source of the vulnerability detection is either IoT Security or one of the third-party vulnerability scanners with which IoT Security integrates: Qualys, Rapid7, or Tenable.
Next is a section describing what the vulnerability is, its impact, recommended actions to take, and a chart that shows the total number of affected devices grouped by profile and the relative sizes of each group.
When you hover your cursor over a section in the chart, a pop-up appears identifying that profile and the number of devices in it. This is particularly helpful when a vulnerability affects numerous device profiles.
At the bottom of the Vulnerability Details page are two tabs—Active Instances and Addressed Instances. On each tab a table shows all vulnerable and potentially vulnerable devices, which are referred to as instances. Here’s an example to clarify the difference between these two types of devices. If a vulnerability only affects devices running a specific software version and IoT Security identifies the version running on one device as having this vulnerability but it can't identify which software version is on another, then the first device is considered as having a confirmed vulnerability but not the second one. (If
Yesappears in the Confirmed column, a device is confirmed as vulnerable. If the Confirmed column is empty, a device is potentially vulnerable but it’s not confirmed.)
A vulnerability instance initially appears in the Active Instances tab. As soon as you change the status of a vulnerability instance to
Resolved, IoT Security moves it from the Active Instances tab to the Addressed Instances tab. If you later change a resolved instance to
Detected, it's automatically moved back to the Active Instances tab.
To see more information about a device, click the device name in the Instance column to open the Device Details page for it in a new browser window or tab.
The status of a vulnerability instance begins in the Detected state. You can leave it there or set it to a different state to reflect where it's in the remediation process:
- Detected: This is the state of a newly detected vulnerability instance. It makes sense to keep it in this state if no action has been taken to investigate, remediate, or resolve it.
- Investigating: Consider setting a vulnerability instance in this state after preliminary work on it has started and it’s being verified, researched, and its impact analyzed.
- Remediating: Consider setting an instance in this state while action is being taken to remediate it but has not yet completed.
- Resolved: An instance becomes resolved either by mitigating the issue or by ignoring and accepting it.
To change the state of a vulnerability instance, click the entry in the Status column and choose another state.
When you resolve a vulnerability instance, IoT Security prompts you to provide a reason for its resolution.
To assign a vulnerability instance to someone to work on, select the check box for the instance, and then click
. Enter the username or email address of a user and then click
The person to whom you assign a vulnerability instance must have an IoT Security user account so that it can send a message to the appropriate email address.
The user then receives an email message that states that a vulnerability was assigned to him or her and provides a link to the vulnerability for investigation.
To add a note about a vulnerability instance or the work being done on it, select the check box for the instance, and then click
. Enter the note and then click
The Vulnerability Responses column displays Added Notes.
To read the note and any previous status changes that were made, hover your cursor over “Added Notes”. An historical record about the response to the vulnerability instance appears in a pop-up window.
Recommended For You
Recommended videos not found.