Vulnerability Overview Dashboard
Table of Contents
Expand all | Collapse all
-
- Firewall and PAN-OS Support of IoT Security
- IoT Security Prerequisites
- Onboard IoT Security
- Onboard IoT Security on VM-Series Firewalls with Software NGFW Credits
-
- DHCP Data Collection by Traffic Type
- Firewall Deployment Options for IoT Security
- Configure a Pre-PAN-OS 10.0 Firewall with a DHCP Server
- Configure a Pre-PAN-OS 10.0 Firewall for a Local DHCP Server
- Use a Tap Interface for DHCP Visibility
- Use a Virtual Wire Interface for DHCP Visibility
- Use SNMP Network Discovery to Learn about Devices from Switches
- Use ERSPAN to Send Mirrored Traffic through GRE Tunnels
- Use DHCP Server Logs to Increase Device Visibility
- Plan for Scaling when Your Firewall Serves DHCP
- Prepare Your Firewall for IoT Security
- Configure Policies for Log Forwarding
- Control Allowed Traffic for Onboarding Devices
- Support Isolated Network Segments
- IoT Security Integration with Prisma Access
- IoT Security Licenses
- Offboard IoT Security Subscriptions
-
- Introduction to IoT Security
- IoT Security Integration with Next-generation Firewalls
- IoT Security Portal
- Vertical-themed Portals
- Device-to-Site Mapping
- Sites and Site Groups
- Networks
- Reports
- IoT Security Integration Status with Firewalls
- IoT Security Integration Status with Prisma Access
- Data Quality Diagnostics
- IoT Security Integrations with Third-party Products
- IoT Security and FedRAMP
Vulnerability Overview Dashboard
The Vulnerability Overview dashboard helps you understand your vulnerability
landscape.
The Vulnerability Overview dashboard () lets you customize how information about vulnerabilities and
vulnerability instances is presented so you can view their impact on your devices from
different perspectives. By setting filters, you determine the scope of the information
displayed, and by defining queries and settings, you control the types of
vulnerabilities and the types of devices you want to see.
Vulnerabilities
Vulnerability Overview
The filters you set at the top of the page do not affect the
Vulnerabilities of Interest section. The vulnerabilities displayed there are determined
by the settings you configure within that section itself.
The dashboard consists of four main sections to help you easily see key statistics,
identify top vulnerabilities of interest, gain insights into their distribution among
different groups of devices, and track vulnerability instances trends.

At the top of the page is a summary of key vulnerability statistics within the parameters
defined by the filters for sites, device category, and time range.
- Vulnerabilities to Date– This is the total number of vulnerabilities detected since you began using your IoT Security tenant.Although IoT Security retains security alerts in its database for up to one year, it does not impose this time limit on vulnerabilities. If you've been using IoT Security longer than a year, it will continue showing vulnerabilities detected more than a year before.
- New Vulnerabilities in<time range> – This is the total of vulnerabilities that were detected within the time range specified in the data filter at the top of the page.
- Aged Vulnerabilities– This is the total of all vulnerabilities that remain unresolved beyond the specified time range (30, 60, 90, or 180 days).
- Instances I resolved in<time range> – This is the total of vulnerability instances that were assigned to the person currently logged in and which were resolved during the time range specified in the data filter at the top of the page.
Vulnerabilities of Interest
– Define criteria for vulnerabilities
that matter most to you. IoT Security will then display the top ten vulnerabilities in
response to your query with the more severe and those affecting the most device profiles
displayed first. For example, if you want to see vulnerabilities for a specific vendor
or profile that were detected within the last week, click the gear icon (

By default, IoT Security uses the predefined "Risky Vulnerabilities" query to search for
confirmed critical vulnerabilities for which a proof of concept (PoC) is publicly
available. You can edit this query to define other attributes of interest and then click
the bookmark icon (
) to save
it for reuse.


Vulnerability Instances Distribution
– The Sankey chart lets you
see the distribution of vulnerability instances across different groupings of devices.
Reading the chart from left to right, you start off on the left with all the
vulnerability instances that match the site and device category filters at the top of
the page. (Regardless of the time range filter set for the page, this chart shows all
vulnerability instances to date.) The chart then relates these instances to a type of
grouping in the middle and relates these again to another type of grouping on the right.
The choices for these groupings are Severity
,
Vulnerability Type
, Status
,
Device Type
, Device Category
,
Profile
, Vendor
, and Attack
Vector
(the type of access required to exploit a vulnerability, as
defined in a CVE). Vulnerability instances are distributed vertically in the chart
either by severity (when Severity is the chosen grouping) or by instance count (for all
other types) with those groupings with the highest severity or most instances at the top
of the chart. When there are more than five groupings, the Sankey chart shows the top
five and then gathers everything else in an "Others" group. Hover your cursor over
Others to see a list of the next ten groupings, and click View
all
to see a pop-up panel with a complete list.When you use
Profile
to group instances and then hover your cursor
over an area on a post for a particular profile, IoT Security displays an Action pop-up
panel that lets you create a set of recommended policy rules with this
profile as the source.
When you click
Create Policy
, IoT Security opens Assets
Devices
>
profile-name
> Create New Policy Set
. From there, you can modify the
automatically generated policy set if necessary, save it, and then activate it for
firewalls to import.For example, to see the ratio of vulnerability instances among different device profiles
and different vulnerability types, choose
Profile
for the middle
post and Vulnerability Type
for the right post. The gray bands
between the left and middle posts show how many instances pertain to each of the top
five device profiles, and the gray bands between the middle and right posts show how
many instances in each profile belong to different vulnerability types. Each band is
labeled and shows the total number of vulnerability instances per profile (on the left)
and for that profile per vulnerability type (on the right). The width of the bands lets
you see at a glance the relative quantities of vulnerability instances. Hovering your
cursor over a section of a post shows the percent of instances for the adjacent
bands.Colors only convey meaning to denote vulnerability severity levels: red = critical,
orange = high, yellow = medium, and blue = low. For other types of groupings,
semi-transparent shades of gray are used solely to distinguish one band from
another.
To download the data from the Sankey chart for your records or reports, click the download
icon (
) in the upper right above the chart. IoT
Security saves it as an .xlsx file with vulnerability instance distribution information
on the first sheet and a complete list of vulnerability instances on the second.

Vulnerability Instances Trend
– The Instance Trend chart displays
a cumulative count of vulnerability instances over the specified time period and a daily
noncumulative count of resolved instances. This visually shows vulnerability instance
trends to help vulnerability management teams see if the number of vulnerability
instances has been increasing or decreasing over time. It also displays data for
resolved vulnerability instances, which can help teams gauge their progress in regard to
vulnerability resolution. Hover your cursor over different points on the chart to see
the number of critical, high, medium, low, and resolved vulnerability instances for
different dates.To download data from the Instance Trend chart for reports or records, click the download
icon (
) in the upper right above the chart. IoT
Security saves it as an .xlsx file with the number of vulnerability instances to date
and resolved instances over the specified period of time.
