Findings

edit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

The vulnerabilities findings page displays the vulnerabilities detected by the CNVM integration. CNVM findings include metadata such as the CVE identifier, CVSS score, severity, affected package, and fix version if available, as well as information about impacted systems.

To help you prioritize remediation efforts, you can filter and sort your findings based on these fields.

Clicking on a finding provides a detailed description of the vulnerability, and any available remediation information.

The Vulnerabilities tab of the Findings page

Group, sort, and filter findings

edit

You can group your data by resource by selecting Resource from the Group by menu. When data is grouped by resource, you can click on the name of a virtual machine to view all vulnerabilities that were found on it.

The Vulnerabilities tab of the Findings page

When Group by is set to None, you can sort the Findings table by clicking the column headings or the Sort fields button to the upper left of the table. When sorting is active, the Sort fields button changes to X fields sorted (where X is the number of fields sorting your data), and can be used to modify or clear sorting.

Independent of grouping, you can filter data in two ways:

  • The KQL search bar: Use this to filter your findings. For example, search for vulnerability.id : CVE-2019-00001 to view all findings related to a particular vulnerability.
  • In-table value filters: Hover over a vulnerability CVE ID to display available inline actions. Use the Filter In (+) and Filter Out (-) buttons.

Learn more about a vulnerability

edit

Click the arrow to the left of a vulnerability’s row to open the vulnerability details flyout. This flyout includes a link to the related vulnerability database, the vulnerability’s publication date, CVSS vector strings, fix versions (if available), and more.

When you open the vulnerability details flyout, it defaults to the Overview tab, which highlights key information. To view every field present in the vulnerability document, select the Table or JSON tabs.

Remediate vulnerabilities

edit

To remediate a vulnerability and reduce your attack surface, update the affected package if a fix is available.