Vulnerability Details Page
The Vulnerability Details page in the IoT Security portal displays a summary of a
detected vulnerability, its impact, and recommended actions.
Clicking the CVE (Common Vulnerabilities
and Exposures) link in the Vulnerability column or a number in the
Confirmed Instances or Potential Instances column on the Vulnerabilities
page opens the Vulnerability Details page for that vulnerability.
Here you can read a description of the vulnerability, the impact
it can cause, recommended actions you can take to remediate it,
and see which devices the vulnerability affects or potentially affects.

At the top of the Vulnerability Details page are several important
attributes:
- The CVE ID links to a page about the vulnerability in the National Institute of Standards and Technology (NIST) database. For example, clicking CVE-2018-18568 opens https://nvd.nist.gov/vuln/detail/CVE-2018-18568.
- The CVSS (Common Vulnerability Scoring System) score ranks the vulnerability on a scale of 0-10, where 0 is the least severe and 10 is the most.
- The IoT Security rating system, which is based on the CVSS, categorizes a vulnerability score into one of several severity levels. There are two CVSS versions and both are presented:
- The source of the vulnerability detection is either IoT Security or one of the third-party vulnerability scanners with which IoT Security integrates: Qualys, Rapid7, or Tenable.
Next is a section describing what the vulnerability is, its impact,
recommended actions to take, and a chart that shows the total number
of affected devices grouped by profile and the relative sizes of
each group.

When you hover your cursor over a section in the chart, a pop-up
appears identifying that profile and the number of devices in it.
This is particularly helpful when a vulnerability affects numerous
device profiles.
At the bottom of the Vulnerability Details page are two tabs—Active Instances and Addressed
Instances. On each tab a table shows all vulnerable and potentially vulnerable devices,
which are referred to as instances. Here’s an example to clarify the difference between
these two types of devices. If a vulnerability only affects devices running a specific
software version and IoT Security identifies the version running on one device as having
this vulnerability but it can't identify which software version is on another, then the
first device is considered as having a confirmed vulnerability but not the second one.
(If Yes appears in the Confirmed column, a device is confirmed as
vulnerable. If the Confirmed column is empty, a device is potentially vulnerable but
it’s not confirmed.)

A vulnerability instance initially appears in the Active Instances
tab. As soon as you change the status of a vulnerability instance
to Resolved, IoT Security moves it from the
Active Instances tab to the Addressed Instances tab. If you later
change a resolved instance to Detected, it's
automatically moved back to the Active Instances tab.
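
The confirmed/potential distinction and the tab placement described above, modeled as an added example (this is not Palo Alto Networks code or an IoT Security API). The Device fields, function names, and inventory are constructed, and treating a device whose known version is unaffected as not an instance is an assumption.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

STATUSES = ("Detected", "Investigating", "Remediating", "Resolved")

@dataclass
class Device:
    name: str
    profile: str
    version: Optional[str]      # None: the software version could not be identified
    status: str = "Detected"    # every instance starts in the Detected state

def classify(device, affected_versions):
    """Return 'confirmed', 'potential', or None when the device is not an instance."""
    if device.version is None:
        return "potential"      # version unknown, so exposure cannot be ruled out
    if device.version in affected_versions:
        return "confirmed"      # identified version is a vulnerable one
    return None                 # assumption: known, unaffected version is not listed

def tab_for(status):
    """Resolved instances sit on Addressed Instances; every other state is active."""
    if status not in STATUSES:
        raise ValueError(f"unknown status: {status!r}")
    return "Addressed Instances" if status == "Resolved" else "Active Instances"

def summarize(devices, affected_versions):
    """Build the instance counts and the rows (name, Confirmed cell) for each tab."""
    counts = Counter()
    tabs = {"Active Instances": [], "Addressed Instances": []}
    for d in devices:
        kind = classify(d, affected_versions)
        if kind is None:
            continue
        counts[kind] += 1
        tabs[tab_for(d.status)].append((d.name, "Yes" if kind == "confirmed" else ""))
    return counts, tabs

# Constructed inventory; the vulnerability affects only version 2.1.0.
INVENTORY = [
    Device("infusion-pump-01", "Infusion Pump", "2.1.0"),
    Device("infusion-pump-02", "Infusion Pump", None, "Investigating"),
    Device("ip-camera-07", "IP Camera", "2.1.0", "Resolved"),
    Device("ip-camera-09", "IP Camera", "3.0.2"),
]

if __name__ == "__main__":
    print(summarize(INVENTORY, {"2.1.0"}))
```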

To see more information about a device, click the device name
in the Instance column to open the Device Details
page for it in a new browser window or tab.
The status of a vulnerability instance begins in the Detected state. You can leave it there or
set it to a different state to reflect where it is in the remediation process:
- Detected: This is the state of a newly detected vulnerability instance. It makes sense to keep it in this state if no action has been taken to investigate, remediate, or resolve it.
- Investigating: Consider setting a vulnerability instance in this state after preliminary work on it has started and it’s being verified, researched, and its impact analyzed.
- Remediating: Consider setting an instance in this state while action is being taken to remediate it but has not yet completed.
- Resolved: An instance becomes resolved either by mitigating the issue or by ignoring and accepting it.
To change the state of a vulnerability instance, click the entry
in the Status column and choose another state.

When you resolve a vulnerability instance, IoT Security prompts
you to provide a reason for its resolution.

To assign a vulnerability instance to someone to work on, select
the check box for the instance, and then click More > Assign. Enter the username
or email address of a user and then click Assign.

The person to whom you assign a vulnerability instance
must have an IoT Security user account so that IoT Security can send a message
to the appropriate email address.

The user then receives an email message that states that a vulnerability
was assigned to him or her and provides a link to the vulnerability
for investigation.
To add a note about a vulnerability instance or the work being
done on it, select the check box for the instance, and then click More > Add notes.
Enter the note and then click Add.

The Vulnerability Responses column displays Added Notes.

To read the note and any previous status changes that were made,
hover your cursor over “Added Notes”. A historical record of
the response to the vulnerability instance appears in a pop-up window.
