Can I categorize vulnerabilities by type? i.e.
-Operating System Vulnerabilities
-Application vulnerabilities (detected by installed program or detected file path)
-Configuration Findings (i.e. SNMP or TLS related)
We don't have a current filter at a high level that makes this easy. The only way to currently do that would be to take an output of the current vulnerability categories and group them based on what exists.
If you run a SQL export with a query of:
SELECT category_name FROM dim_vulnerability_category GROUP BY category_name
This output will give you a list of ALL of the possible values for a category. Keep in mind that a lot of these are essentially like tags so a vulnerability may be a part of multiple categories.
However, this is not the first time this has been asked and I believe there is an IDEA in currently for this to include a few more categories for the high level OS/Application type vulnerabilities.
I've asked for this as well, currently I have some really ugly filters on my Remediation Projects that would be so easy if there were vulnerability categories or tags to look for. Also to know if a vulnerability is fixed by a standard patch or something manual like an out-of-band patch or config change, this way we can identify systems that are missing standard patches vs fixes that we haven't gotten to yet.
Currently, this is a difficult, messy process. We exported all of the vulnerability categories and assigned them as "app" or "OS" based on the division of responsibility in our organization. Then I used those lists to build ugly queries for dashboards and remediation projects for each team.
I also had a request from a manager for a breakout of configuration related vulnerabilities. There is not a vulnerability category for that, so the best workaround I could come up with was to build a filter where vulnerability.title DOES NOT CONTAIN "CVE" && vulnerability.title DOES NOT CONTAIN "RHSA" (I needed to exclude Red Hat vulns as well). It's not perfect but it is good enough to meet the need I had.
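The two workarounds above (the category export from the earlier reply, and the app/OS category lists plus the "no CVE/RHSA in the title" heuristic for configuration findings) can be combined into one query against the InsightVM reporting data model. This is an added example, not code from the thread or from Rapid7; it assumes the tables dim_vulnerability(vulnerability_id, title) and dim_vulnerability_category(vulnerability_id, category_name) join on vulnerability_id, and the category names in the lists are illustrative placeholders to be replaced with the values your own category export returns.

```sql
-- Added example (not from the thread): bucket each vulnerability into
-- OS / Application / Configuration for dashboards and remediation projects.
-- Assumed schema: dim_vulnerability(vulnerability_id, title),
--                 dim_vulnerability_category(vulnerability_id, category_name).
-- The category names below are illustrative; populate the two lists from:
--   SELECT category_name FROM dim_vulnerability_category GROUP BY category_name
WITH vuln_categories AS (
    SELECT v.vulnerability_id,
           v.title,
           -- a vulnerability can carry several categories (they act like tags),
           -- so collapse them to one row per vulnerability
           string_agg(c.category_name, ', ' ORDER BY c.category_name) AS categories,
           -- "OS" list: categories your deployment team owns (constructed values)
           bool_or(c.category_name IN ('Microsoft', 'Windows', 'Red Hat', 'Ubuntu')) AS is_os,
           -- "app" list: categories your product owners own (constructed values)
           bool_or(c.category_name IN ('Adobe', 'Oracle', 'Mozilla', 'Google')) AS is_app
    FROM dim_vulnerability v
    JOIN dim_vulnerability_category c ON c.vulnerability_id = v.vulnerability_id
    GROUP BY v.vulnerability_id, v.title
)
SELECT vulnerability_id,
       title,
       categories,
       CASE
           -- the title heuristic from the thread: no CVE or RHSA reference in the
           -- title is treated as a configuration finding (checked first so that
           -- an OS-tagged config check still lands in the Configuration bucket)
           WHEN title NOT LIKE '%CVE%' AND title NOT LIKE '%RHSA%' THEN 'Configuration'
           WHEN is_os  THEN 'OS'
           WHEN is_app THEN 'Application'
           ELSE 'Unclassified'   -- review these rows and extend the lists above
       END AS vuln_type
FROM vuln_categories
ORDER BY vuln_type, title;
```

Wrapping the final SELECT in another CTE and grouping by vuln_type gives the per-bucket counts for team metrics; rows that land in Unclassified show which category names still need to be assigned to a list.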
Does anyone know what the IDEA "id" is in place for this? I feel like this is strange that they don't have a more seamless solution for this especially considering capabilities of competitors. I know another product has a super easy filter for "Detection Method" (i.e. = Library, Installed Program, File Path, Package, Operating System).
This is critical for creating metrics and assigning to remediation teams.
We are struggling with the rollout of remediation projects due to the fact we're unable to filter vulnerabilities by detection type.
Product owners are responsible for patching all application dependencies and third party applications. Deployment teams strictly cover anything related to the operating system itself.
I've tried escalating this from a previous IDEA that I've submitted. From the looks of it on here I feel there is enough demand. It would be a huge quality of life improvement to query for this.
I've had to look at 3rd party solutions for now, i.e. Power BI, CAASM tools, etc., to pull the proofasText db field and build my own logic. Very poor response from R7, as they are way behind here in getting the basics right.