The Criticality & Vulnerability visualization is displayed under the Workspace.
Threat Intelligence Feed Comparison
Description:
You can view a summary of CVEs and IOCs per threat feed using the Threat Intelligence Feed Comparison. All of the connected threat feeds (e.g., iSight, SYMC, Phishme, and aggregate open source feeds) are displayed with their associated CVE and IOC counts.
| Field | Description |
| --- | --- |
| Threat Feed | Commercial or Open Source aggregate. |
| Scan Detected CVEs | The number of unique CVEs detected in your network scan results, per threat feed. |
| Total IOCs | The total number of detected IOCs per threat feed. |
Vulnerability Table
Description:
Use the Criticality & Vulnerability visualization to view a roll-up of your vulnerability scan results.
| Field | Description |
| --- | --- |
| Date | Name of the vulnerability as defined by iSight (at this time). |
| CVE | Common Vulnerabilities and Exposures. Vulnerability as assigned by iSight using the National Vulnerability Database (NVD) convention. This CVE count is expected to match customer scan information against the vendor/product pair, using synthetic Nessus scan information. |
| Vendor | Vendor of the identified vulnerable software/system as defined by customer scan information (Nessus or Qualys). |
| Product | The product associated with the Vendor. |
| Labor Effort | A customer input that assigns a low, medium or high selection. |
| Patch Difficulty | A customer input that assigns a low, medium or high selection. |
| Vulnerable Hosts | The number of vulnerable hosts identified by vulnerability scanning from customer scan information (Nessus or Qualys). (Sprint 15) |
| Initial Estimate | A customer input that assigns a cost/value to patching a vulnerability based on the vulnerability/CVE using an FTE count and annual cost. |
| Exploitability | The National Vulnerability Database Exploitability category assignment to the given CVE: All, High, Functional, Undefined, POC, Unproven. |
| Anticipated Risk Level | A customer input that assigns a low, medium or high selection. |