Categorize vulnerabilities by detection type?

Can I categorize vulnerabilities by type? ie.
- Operating System Vulnerabilities
- Application vulnerabilities (detected by installed program or detected file path)
- Configuration Findings (ie. SNMP or TLS related)

We don’t have a current filter at a high level that makes this easy. The only way to currently do that would be to take an output of the current vulnerability categories and group them based on what exists.

If you run a SQL export with a query of:

SELECT category_name FROM dim_vulnerability_category GROUP BY category_name

This output will give you a list of ALL of the possible values for a category. Keep in mind that a lot of these are essentially like tags so a vulnerability may be a part of multiple categories.

However, this is not the first time this has been asked and I believe there is an IDEA in currently for this to include a few more categories for the high level OS/Application type vulnerabilities.

2 Likes

I’ve asked for this as well, currently I have some really ugly filters on my Remediation Projects that would be so easy if there were vulnerability categories or tags to look for. Also to know if a vulnerability is fixed by a standard patch or something manual like an out-of-band patch or config change, this way we can identify systems that are missing standard patches vs fixes that we haven’t gotten to yet.

2 Likes

Currently, this is a difficult, messy process. We exported all of the vulnerability categories and assigned them as “app” or “OS” based on the division of responsibility in our organization. Then I used those lists to build ugly queries for dashboards and remediation projects for each team.

I also had a request from a manager for a breakout of configuration related vulnerabilities. There is not a vulnerability category for that, so the best workaround I could come up with was to build a filter where vulnerability.title DOES NOT CONTAIN ‘CVE’ && vulnerability.title DOES NOT CONTAIN ‘RHSA’ (I needed to exclude Red Hat vulns as well). It’s not perfect but it is good enough to meet the need I had.

1 Like
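The two workarounds above (export the category list with the GROUP BY query, hand-sort the categories into "app" or "OS", then fall back on a title filter for configuration findings) can be folded into one SQL export rather than a chain of dashboard filters. The query below is an added example, not Rapid7's code or anything posted in this thread. It assumes the InsightVM reporting data model tables dim_vulnerability (vulnerability_id, title), dim_vulnerability_category (vulnerability_id, category_name) and fact_asset_vulnerability_finding (asset_id, vulnerability_id); check those column names against your console's schema before relying on it. The category names in the IN lists are placeholders: replace them with the values from your own category export.

```sql
-- Added example (not Rapid7's or the thread's own query).
-- Assumed tables: dim_vulnerability, dim_vulnerability_category,
-- fact_asset_vulnerability_finding (InsightVM reporting data model).
-- The category names below are placeholders; fill them from
--   SELECT category_name FROM dim_vulnerability_category GROUP BY category_name

WITH vuln_bucket AS (
    SELECT
        v.vulnerability_id,
        v.title,
        -- A vulnerability can carry several category tags, so rank the matches
        -- and keep the highest rank instead of joining and double-counting.
        MAX(CASE
                WHEN c.category_name IN ('Microsoft Windows', 'Red Hat', 'Ubuntu')  -- placeholder OS categories
                    THEN 3
                WHEN c.category_name IN ('Adobe', 'Oracle', 'Google Chrome', 'Java') -- placeholder application categories
                    THEN 2
                WHEN c.category_name IN ('SNMP', 'TLS', 'SSL', 'SSH')               -- placeholder configuration categories
                    THEN 1
                ELSE 0
            END) AS bucket_rank
    FROM dim_vulnerability v
    LEFT JOIN dim_vulnerability_category c
           ON c.vulnerability_id = v.vulnerability_id
    GROUP BY v.vulnerability_id, v.title
)
SELECT
    CASE
        WHEN b.bucket_rank = 3 THEN 'Operating System'
        WHEN b.bucket_rank = 2 THEN 'Application'
        WHEN b.bucket_rank = 1 THEN 'Configuration'
        -- Fallback heuristic from this thread: a title with neither a CVE nor an
        -- RHSA reference is most likely a configuration finding.
        WHEN b.title NOT LIKE '%CVE%' AND b.title NOT LIKE '%RHSA%' THEN 'Configuration'
        ELSE 'Uncategorized'
    END AS detection_bucket,
    COUNT(DISTINCT f.asset_id)           AS affected_assets,
    COUNT(DISTINCT b.vulnerability_id)   AS vulnerabilities
FROM vuln_bucket b
JOIN fact_asset_vulnerability_finding f
  ON f.vulnerability_id = b.vulnerability_id
GROUP BY 1
ORDER BY affected_assets DESC;
```

Run it as a SQL export report; the 'Uncategorized' row is the list of categories you still need to sort into a bucket, so re-run the category export and extend the IN lists until that row is empty. The rank order (OS above Application above Configuration) decides the owner when a vulnerability carries tags from more than one bucket, so set it to match whichever team should be the default owner in your organization.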

Does anyone know what the IDEA “id” is in place for this? I feel like this is strange that they don't have a more seamless solution for this especially considering capabilities of competitors. I know another product has a super easy filter for “Detection Method” (ie. = Library, Installed Program, File Path, Package, Operating System).
This is critical for creating metrics and assigning to remediation teams.

1 Like

We are struggling with the rollout of remediation projects due to the fact we’re unable to filter vulnerabilities by detection type.

Product owners are responsible for patching all application dependencies and third party applications. Deployment teams strictly cover anything related to the operating system itself.

I’ve tried escalating this from a previous IDEA that I’ve submitted. From the looks of it on here I feel there is enough demand. It would be a huge quality of life improvement to query for this.

I’ve had to look at 3rd party solutions for now ie. PowerBi, CAASM tools, etc. to pull the proofasText db field and build my own logic. Very poor response from R7, as they are way behind here in getting the basics right.