Follow

Searching Vulnerabilities

There are two ways to list vulnerabilities in NormShield. One of them through scan results under the interface of Scan->Scan Results menu as shown in Figure 1.

Figure 1 - Results of a periodic scan

The other way is more flexible and the interface can be reached by clicking Vulnerability->Vulnerability List sub menu as shown in Figure 2.

vuln2.JPG

Figure 2 - Listing vulnerabilities

The Filters section includes variety of search criteria that can be easily used to narrow down the query. For example, the vulnerability search can be done by selecting Scope, Company, the Creation Date, the Closed Date, the vulnerability Status, its Severity or by selecting the asset labels having the vulnerabilities.

There are three tabs to group vulnerabilities: By Vuln, By Category, and By Asset. In By Category and By Asset tabs, vulnerability counts by each category or asset can be seen.

The input names and their explanation are shown in Table 1.

Input Name

Detail

Scope

Scope of vulnerabilities to be shown, there are several options;

·        All Vulnerabilities: Shows all vulnerabilities that can be seen by the user

·        My Vulnerabilities: Shows vulnerabilities assigned to user

·        My Group Vulnerabilities: Shows vulnerabilities assigned to user's group(s)

·        My Group Members' Vulnerabilities: Shows vulnerabilities assigned to user's other group members

·        My Assets' Vulnerabilities: Shows vulnerabilities of assets owned by user or user's group(s)

Company

The company or companies that has the vulnerability

Create Date

The date that vulnerability or vulnerabilities are created

Close Date

The date that vulnerability or vulnerabilities are closed

Status

The status of the vulnerability, one or more of the followings;

·        Open

·        Closed

·        Recheck

·        Accepted

·        False Positive

·        In Progress

·        On Hold

·        Pending Analysis

Severity

The criticality of the vulnerability, one or more of the followings;

·        Urgent

·        Critical

·        High

·        Medium

·        Low

·        Info

Risk

NS Risk Score, see NS Risk Score

Asset

The asset or assets having the vulnerabilities

Asset Label

The label or labels of asset or assets having the vulnerabilities

Responsible

The responsibility that should fix the vulnerability, one or more of the followings;

·        Network Administrator

·        Analyst

·        Application Server Administrator

·        DB Administrator

·        OS Administrator

·        Developer

Vuln. ID

The ID of the vulnerability given by NormShield at creation time

Vuln. Cat.

The vulnerability definition of the vulnerability, see Vulnerability Knowledge Base

User

The user who is assigned to fix the vulnerability

Table 1 - The input listing of vulnerability search criteria

There are more search criteria than shown in Table 1, and clicking More button make those criteria visible...

In order to see the details of a found vulnerability the Edit icon should be clicked. See Vulnerability Panorama for details.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk