Versions Compared

Old Version 5

changes.mady.by.user Victor Buonocore

Saved on

compared with

New Version Current

changes.mady.by.user andrew johnston

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Criticality & Vulnerability

The Criticality & Vulnerability visualization is displayed under the Workspace.

Image Removed

 

 

Image Added

 



Threat Intelligence Feed Comparison

Description:

You can view a summary of CVEs and IOCs per threat feed using the Threat Intelligence Feed Comparison.  All of the connected threat feeds (eg. iSight, SYMC, Phishme, and aggregate open source feeds) are displayed with associated CVE and IOC counts.

FieldDescription
Threat FeedCommercial or Open Source aggregate.
Scan Detected CVEsThe number of unique CVEs detected in your network scan results, per threat feed.
Total IOCsThe total number of detected IOCs per threat feed.

 

Vulnerability Table

Description:

Use the Criticality & Vulnerability visualization to view a roll-up of your vulnerability scan results.

FieldDescriptionNotes
TitleDateName of the vulnerability as defined by iSight (at this time). 
CVECVE

Common vulnerabilities and exposures.

Vulnerability as assigned by iSight

via

using the National Vulnerability Database (NVD)

 

convention. This CVE count is expected to match customer scan information against the vendor/product pair, using synthetic Nessus scan information.

 Vendor

Vendor of the identified vulnerable software/system .

 

as defined by customer scan information (Nessus or Qualys)

ProductThe product associated with the Vendor. 
Labor Effort

A customer input that assigns a low, medium or high selection.

 

Patch DifficultyA customer input that assigns a low, medium or high selection. 
Vulnerable HostsThe count of the number of vulnerable hosts as identified by vulnerability scanning like from Customer scan information (Nessus or Qualys). (Sprint 15)
Initial Estimate

A customer input that assigns a cost/value to

the vendor and product pair in order to close the  

patching a vulnerability based on the vulnerability/CVE using an FTE count and annual cost.

Exploitability

The National Vulnerability Database

exploitability

Exploitability category

assigned

assignment to the given CVE

:

All

High

Functional

Undefined

POC

Unproven

Anticipated Risk LevelA Customer input that assigning assigns a low, medium or high . 
   

 

 

PanelRelated Documentation:
selection.