In order to modularize and simplify the use and representation of vulnerabilities, there exist vulnerability definitions, in other words, vulnerability knowledge base which contains the details of a single vector of vulnerabilities, such as Cross Site Scripting or Default Apache Tomcat Credentials.
Every vulnerability in NormShield has a vulnerability category, which is interchangeably called vulnerability definition. There might more than one vulnerabilities having a single vulnerability definition. Figure 1 shows the listing of vulnerability definitions/categories by clicking submenu Vulnerability->Vulnerability Categories.
Figure 1 - Vulnerability knowledge base interface
As vulnerabilities are automatically or manually imported, vulnerability definitions are created in NormShield that doesn’t exist before.
Apart from the usual filtering, manipulative operations also exist for vulnerability definitions. Tags are a dynamic and effective way of grouping vulnerability definitions. Tags exist for vulnerability definitions similar to why labels exist for assets.
While grouping vulnerability definitions using tags are important for reports, it's equally important to attach root causes to them. Root cause analysis is one of the most important steps for a ITSec professional and the company for a more secure posture in the future.