Skip to main content
Skip table of contents

Asset Groups

Purpose

This document provides users with a overview of Asset Groups. 

Introduction

The Asset Groups tab is a dashboard for Managed and Unmanaged groups showing some basic information on findings trends, fixed trends, remediation, and CVSSv3. 

Prerequisites

The reader needs basic access to the OUTSCAN™ account with an active SWAT subscription to interact with groups in Managed section.

Getting Started

Open a browser and navigate to https://outscan.outpost24.com/portal.

Use HTTPS protocol.
Ex. https://outscan.outpost24.com/portal

Enter your credentials and click on the blue arrow button to log in.

For more information about the Portal see Getting Started with the Portal.

Dashboard

In the Asset groups view, all the SWAT assets are listed under the overview panel of Managed section on the left hand side. Click and drag the three dot do resize the panel.

Each card is a graphical representation of number of open findings, fixed findings, remediated findings, a graphical representation of the CVSSv3 score and a graph showing the trends of the findings. 

Overview

Clicking the Asset group overview tree column to the left shows the overview bar at the top is the combined data for all instances.

Portal_Assets_View.PNG

Selecting a specific asset group changes the overview bar to a specific information bar for the selected group showing the name of the group, number of assets, number of findings associated and the creation date for the selected asset group.

Clicking on Assets, Most open vulnerable asset group, Most open vulnerable asset, Open Findings, and Closed Findings opens a filtered view in Asset or Findings for each of the items respectively.

Assets

Show the total number of assets associated with all of the Asset Groups. If an Asset Group is selected, then the value represents the assets associated with selected Asset Group. Assets are groupings of one or several identifiers such as IP addresses and host names that represent distinct resources customers wants to secure. As such, an asset may represent entities such as employee's, websites, databases, OCI images, cloud resources, Outpost24 agents etc.

See Assets for more information.

Asset Group with the Most Open Vulnerabilities

Shows the asset group with the most open findings and the Web Application it belongs to if it is of Managed type. Clicking on it displays a filtered view with the affected parent group or Web Application and the associated assets are listed together with the findings

Asset with the Most Open Vulnerabilities

Shows the asset with the most open findings. As Outpost24 services scan and analyze targets, findings are generated and associated with the corresponding assets.

See Assets for more information.

Open Findings

Number of open findings.

An open finding is defined as a finding with the status set to PRESENT, PENDING VERIFICATION, or IRREPRODUCIBLE.

Findings are the potential risks and recommended reconfiguration suggestions found during automatic and manual assessments of the target asset. These vary from security best practices which lower the attack surface of the target to exploitable vulnerabilities that were verified and confirmed as being present and relevant for the target.

Findings include their classification, risk score and information describing what it is, why it was found and how an attacker might be able to exploit the vulnerability as well as provide clear solutions to remediate the risk.

See Vulnerabilities for more information.

Closed Findings

Number of closed findings.

closed finding is defined as a finding with a non-empty value of its fixed attribute.

See Vulnerabilities for more information.

Total Findings

Total number of findings in all asset groups.

See Vulnerabilities for more information.

Vulnerabilities Average Score

This card shows both the average score for all open vulnerabilities as well as a breakdown for each severity. The score is based on the Common Vulnerability Scoring System (CVSS) which provides a way to capture the characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score is translated into a qualitative representation (such as Low, Medium, High, and Critical) to help assess and prioritize the vulnerability management processes.

See Vulnerabilities for more information.

Clicking on any of the severity bars redirects you to a filtered view of findings of the selected score level.

OWASP Top 10

The OWASP Top 10 card display the findings in a graphical format according to the score of the vulnerability according to OWASP. The Open Worldwide Application Security Project (OWASP) Top 10 is a standard awareness document for developers and web application security, and represents a broad consensus about what the most critical web application security flaws are.

Clicking on the various colored parts of the OWASP diagram redirects you to a filtered list in the Findings Vulnerability view.

This diagram will only be displayed if at least one asset is of Appsec type identified by the source being any of SCALE, SCALE_API, SCALE_SPA, APPSEC, SWAT, ASSURE or SNAPSHOT.

Findings Trend

This metric provides a comprehensive view of how business risks are evolving over time tracking the lifecycle of open and closed findings from the moment they are first identified ("first seen") to when they no longer appear ("last seen"). By analyzing this trend, valuable insights can be gained into the effectiveness of your risk management strategies and identify areas that require attention or improvement.

Findings Top 10

Findings Top 10 shows ten most recent, still open findings with the highest CVSS severity along with the severity and asset they were detected on.

Solutions Top 10

Solutions Top 10 shows ten actions that will resolve most vulnerabilities along with the number of risks and affected assets.

Subscriptions

The Subscriptions card represents the customer's engagement with Outpost24 and each entry corresponds to an already purchased and paid subscription.

The Subscription card list the current subscriptions assigned to the selected web application, as well as those that are unassigned and a history of all of them.

The list in the Subscription card is sorted into four groups: Active, Unassigned, Inactive, and Inactive & unassigned.

Subscription Status

Description

Active show the subscriptions that are currently active and the the end date of that subscription.

Ending soon shows an active subscription where the end date is near giving you a warning that the subscription is on the end of  its valid period.

Unassigned to any web app but active until date.

Inactive show inactive subscription where the subscription time has run out or subscriptions that have a start date of activation in the future.

There are cases where licenses expire without having been used. These are listed under Inactive & unassigned at the bottom.

Overview Cards

The Overview Card shows each Asset group with basic information and breaks down the results in to six categories. The results can be filtered by toggling the Show only vulnerable and Show only active subscription switches

The Show only vulnerable switch, when activated, exclude recommendation findings from being counted and only count findings containing vulnerabilities.

The Show only active subscription switch filters out all but active subscriptions, and show only Asset Groups that currently have an active subscription attached to it, as well as information about said and past subscriptions in the Overview cards.

Card Info

Description

Findings

The total number of Findings, regardless of their status.

Open Findings

Total number of open findings.

Closed Findings

Total number of closed findings.

Assets

Total number of assets.

Critical Findings

Total number of findings with Critical severity.

High Findings

Total number of findings with High severity.

Clicking on the name of the Asset Group will open the dashboard for said Asset Group, whereas clicking on the different info sections will redirect you to a filtered list of findings.

The Overview Card is only available for Managed type of group.

Customer Actions

Accept Risk

If a risk cannot be mitigated right away, that risk can be accepted so that it will not be picked up every time a scan runs. The risk can be accepted for a short period of time. It is customizable to what ever period of time is needed, if the risk cannot be mitigated right away.

To accept a risk.

  1. Click the Accept Risk Icon_Accept_Risk.png icon located on the bar under the list of findings.

  2. Enter a date and a comment.

  3. Click Accept.

Request Verification

The Request Verification button is connected to the Discussions feature.

To request a verification from the AppSec team:

  1. Click the Request Verification Icon_Request_Verification.pngbutton.

    1. A Comment dialog is displayed.


  2. When the Verification request is submitted, a Comment entry is put in the Comments tab of the finding.


    1. This comment is synced together with other comments that are marked for the AppSec team to receive, and they will begin verification of the finding

  3. The AppSec team then either:

    1. Verifies that the vulnerability is present and:

      1. Update the Last seen date.

      2. Respond to the Comment.

    2. Verifies that the finding is fixed and:

      1. Mark the finding as fixed.

      2. Respond to the Comment.

  4. The finding is updated and the customer need to take action.

Findings

The Findings view shows the vulnerabilities identified during the scans.

Portal_Findings_View.PNG

Click on a finding to access the details view on the right side of the window.

Details

The Details tab shows the description of the selected finding along with the solution. 

The first row displays the CVSS score in a color-coded icon, the name of the vulnerability, and the blue/grey eye icon indicating if this vulnerability is being watched or not. See Notifications for more information.

Asset

The affected asset, and by clicking the asset name you are redirected to the asset view for more information.

CVSS Score

The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation such as Low, Medium, High, and Critical to help organizations properly assess and prioritize their vulnerability management processes.[1] 

In the solution field, both CVSS v2 and CVSS v3 base scores are displayed. If a Environmental vector exists, it is displayed as a second section with metrics and the score is adjusted.

Both CVSS score fields are collapsible by clicking the down arrow in the upper right corner.

Description

A detailed explanation of the finding with information about the nature of the vulnerability and its potential impact on the affected system.

Solution

The solution section provides an actionable advice on how to remediate the vulnerability as well as detailed information about the context of the vulnerability where it was found.

Solution Patches

The Solution Patches card shows a patch number recommended to remediate the vulnerability that was found. This is the same patch as the one that can be found in the Solution Patch column.

Classifications

A list of references to widely recognized vulnerability categorization values. 

CWE™

Common Weakness Enumeration (CWE™) is a community-developed list of common software and hardware weaknesses that have security ramifications. A weakness is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.[2]

CAPEC™

Common Attack Pattern Enumerations and Classifications (CAPEC™) is a catalog of known cyber security attack patterns used to prevent attacks.[3]

OWASP

The Open Worldwide Application Security Project (OWASP) Top 10 is a standard awareness document for developers and web application security, and represents a broad consensus about what the most critical web application security flaws are. [4]

SANS Top 25

The SANS value shows the vulnerability score in the 2023 CWE™ Top 25 Most Dangerous Software Weaknesses.

First seen

When the vulnerability was first discovered on the specific asset.

Last Seen

When the vulnerability was last seen on the specific asset.

Exploits

Shows if there are any known public exploits from various sources.

Only visible to Farsight users. To use Farsight you first need to enable the function in your subscription. Contact Outpost24® Support for more information on how you can enable the Farsight feature.

Farsight

The Likelihood feature in Outpost24® Farsight provides an easier way to address vulnerabilities that are relevant and may impact an organization irrespective of the CVSS score or the presence of an exploit for a vulnerability.

By focusing on the likelihood, you are mitigating vulnerabilities that, based on the machine learning model, are predicting an increased risk even though it may not currently be exploited.

Risk classification of assets serves a purpose and should be conducted to further distinguish where to focus most efforts. This task can be time-consuming and may not produce viable results in the first couple of iterations. Farsight enables you to filter out some unlikely vulnerabilities with little to no prior knowledge about the vulnerabilities or assets, getting you on track with your vulnerability program faster. 

Risk Score - Likelihood 

Likelihood is a risk indicator that shows how many times more likely a vulnerability is to be exploited compared to average, where approximately 95% of all vulnerabilities are never exploited. This is displayed in the Likelihood column in the Findings view. The value can go from 1 to 100, where 100 is the equivalent of saying it will be (or has been already) exploited in the wild in the next 12 months. The benefit to the customer is the ability to drive a more aggressive risk-based remediation, focusing on even fewer vulnerabilities that reach a particular likelihood.  It is also worth noting that any vulnerability already exploited in the wild will have the risk value of 100 as it has been exploited already.

Since risk score is machine learning driven, several factors affect the risk rating, which can decrease and increase based on activity in the wild.

Option

Description

Score

A risk indicator that shows how much more likely a vulnerability is to be exploited compared to average. The risk indicator presents the likelihood values in an 0-100% (0-1) format.

Delta

The difference between the current and the former likelihood values.

Update date

The date when the Delta value changed.

Threat activity

The last time the threat activity was detected by the watcher community.

Exploits

Option

Description

Source

The source of the exploit information, for example Farsight, Exploit Database.

CVE

The Common Vulnerabilities and Exposures (CVE) entry of the vulnerability.

Name

The name of the exploit associated with the vulnerability.

URL

A link to more information of the exploit in the source.

Comments

The Comments tab enables you to post comments on findings, as well as sending messages to the Outpost24® Appsec team for review and response about the selected vulnerability.

Discussions about a finding are normally customer-internal. Only when eligible (via associated subscription) may a dialog between customer and the Outpost24 AppSec team be initiated.

Starting a Discussion

You can start a discussion about a finding:

  1. Select a finding.

  2. Click the Comments tab on the right side. The Comments tab shows all your ongoing discussions.

  3. Add a new comment and click the blue Start Discussion button.


  4. To reply to a discussion, enter your reply on the Reply to conversation line and click the blue Reply button.

Starting a Discussion with the Outpost24 AppSec Team

You can start a discussion about the findings with the Outpost24 AppSec Team for review and response. 

  1. Select a finding.

  2. Click the Comments tab on the right side. The Comments tab shows all your ongoing discussions.

  3. Toggle the Start a discussion with Outpost24 switch.

    Portal_discussion_discussion.png

The Start a discussion with Outpost24 toggle is displayed if and when the underlying finding is eligible.

  1. Add a new comment and click the blue Start Discussion button.
    The comment is sent to the Outpost 24 AppSec team.

  2. To reply to an ongoing discussion, enter your reply on the Reply to conversation line and click the blue Reply button.

When discussing with an Outpost 24 AppSec representative, the discussion card is marked clearly with a blue sign in the top left corner of the discussion card.

Portal_Discussion.png


Deleting a Single Comment

To delete a comment in a discussion, click on the delete Icon_Delete.png icon to the right. This removes the comment from the discussion.


The deleted comment is marked with the text "This message has been deleted".

You can only delete your own comments.

Deleting a Discussion Tree

To delete the entire discussion tree, click on the delete Icon_Delete.png icon to the right on the first line in the card. This removes all conversation in the card.


The deleted discussion and all replies is marked with the text "This message has been deleted".

Removing the top discussion will remove all the following replies in that discussion recursively.

Web_application_delete_discussion.png

If no comment is given, a default message/comment stating “Transitioned finding status from <original status> to <new status> without user's comment." is saved as a activity log to assist with the reviewing of the finding’s history.

The customer can also transition non-SWAT findings from other status like FALSE_POSITIVE, FIXED or ACCEPTED.

Example:

Portal_Finding_Vulnerability_Accept_Risk_No_Comment.png

Starting discussions with the Outpost24® Appsec team requires an active Appsec subscription.

To access existing comments, enable the comments column and click on the comment icon_comment.png icon to quickly launch the comments window. 

Manage Findings

Select one or more findings, and choose one of the actions that is displayed on the bottom bar:

Portal_findings_manage_findings.PNG

Right-clicking a finding or a selected group of findings opens a menu where the same tasks can be performed.

Portal_Findings_Right_Click_Menu.PNG

The possible user actions are:

  • Click on the Start watching finding Icon_Start_Watching_Finding.png icon to start keeping track of notifications for that finding.

  • Click on the Stop watching finding Icon_Stop_watching_finding.png icon to stop keeping track of notifications for that finding.

  • Click on Edit tags icon Icon_Edit_Tag.png.png icon to add a tag to the selected finding.

See Tags for more information.

  • Click on the Mark as Fixed Icon_Mark_As_Fixed.png icon, and confirm by clicking YES, to update the status of that finding as fixed

  • Click on the Unmark as Fixed Icon_Unmark_As_Fixed.png icon, and confirm by clicking YES, to revert the status of that finding to not fixed.

  • Click the Request Clarification Icon_Requestclarification.png icon to request clarification of an unclear finding from the OP24 technical service team.

  • Click on the Request verification Icon_Request_Verification.png icon to add a comment and send to the technical service team for verification regarding that finding.

  • Click on the Change risk Icon_Change_Risk.png icon to change the change the risk information of that finding. 

  • Click on the Accept risk Icon_Accept_Risk.png icon to accept the risk. You can also select a date and add comment.

  • Click on the Unaccept risk Icon_Unaccept_Risk.png icon to revert the accepted status of that finding.

  • Click on the Send to Icon_Send_To.png icon to send the vulnerability information via email to a list of users or email addresses.

  • Click on Mark as false positive Icon_Mark_As_False_Positive.png icon to mark a finding as a false positive.

  • Click on Unmark false positive Icon_Unmark_As_False_Positive.png icon to unmark a finding as a false positive.

Columns

By clicking the Column Icon_Column.png bar next to the Main Menu, you expand the column list available to Findings. Select any Column to view in the main window.

Select a specific column to know that information about a finding. All selected columns are displayed in the Findings tab. The available options are described below.

Option

Format

Description

Accepted

Time since when finding transitioned from present to accepted.

If a finding cannot be mitigated right away, that finding can be accepted so that it will not be picked up by the tool every time a scan runs.

Accepted comment

Comment when accepting a finding

Accepted until

Time until when findings acceptance ends.

The finding can be accepted for ever or for a short period of time. It is customizable to what ever period of time is needed, if the finding cannot be mitigated right away.

Active subscriptions

The Active subscription column indicates which currently active subscriptions are associated with the asset.

Age

Shows how old the vulnerability is in regards to when then it was first discovered in a scan.

Alternative recreation

See Recreation

Asset group IDs

Group IDs attached to Asset that the Finding belongs to.

Asset ID

The unique identifier of the Asset the Finding belongs to.

Asset name

Name of the asset associated to the finding. Could consist of  among others:

  • FQDN

  • IP-address

  • Agent ID

  • Container image name

Attachment IDs

List of IDs to files such as screenshots or text files attached to the finding uploaded by the Appsec team.

BugTraq

Bugtraq ID of the vulnerability.

CAPEC

Common Attack Pattern Enumerations and Classifications (CAPEC™) is a catalog of known cyber security attack patterns used to prevent attacks. Same information as in the Detailed tab.

Check ID

The rule ID that triggered the finding.

Comments

Number of comments associated to the finding. 

Created

When the finding object was first created. Counted from when a scan first resulted in this finding or when the Appsec team pushed it.

Created by

Who created it:

  • System if it was from a scan

  • Appsec team if they created it

Custom BugTraq

Configurable BugTraq field to “override” the default values set based on what is found in the scan.

Custom CVE

Configurable CVE field to “override” the default values set based on what is found in the scan.

Custom CVSS v2 vector

Configurable CVSS v2 vector field to “override” the default values set based on what is found in the scan.

Custom CVSS v3 vector

Configurable CVSS v3 vector field to “override” the default values set based on what is found in the scan.

Custom CWE

Configurable CWE field to “override” the default values set based on what is found in the scan.

Custom description

Configurable Description field to “override” the default values set based on what is found in the scan.

Custom name

Configurable Name field to “override” the default values set based on what is found in the scan.

Custom solution

Configurable Solution field to “override” the default values set based on what is found in the scan.

Customer ID

ID of the Outpost 24 customer account this finding belongs to.

CVE

Common Vulnerabilities and Exposures (CVE) entry of the vulnerability. CVE is a list of publicly disclosed computer security flaws that's been assigned a CVE ID number. Same information as in the Detailed tab.

CVSS score

  • CRITICAL - 9.0-10.0

  • HIGH - 7.0-8.9

  • MEDIUM - 4.0-6.9

  • LOW - 0.1-3.9

  • RECOMMENDATION - 0

  • UNKNOWN

The CVSS score is a numerical value that quantifies the severity of a security vulnerability. It consists of three main components:

  • the Base Score (intrinsic severity),

  • the Temporal Score (current risk),

  • the Environmental Score (customized based on an organization's environment).

The Base Score ranges from 0.0 to 10.0 and is determined by assessing various metrics.

The CVSS score column combines score from both CVSS v2 and CVSS v3 where v3 have priority. However, when v3 is not available, v2 is shown.

The CVSS score is shown as default, but previous CVSS-specific columns are still available.

CVSS Severity

The format is based on a combination of CVSS V2 and V3 Severities.

Note that a 9.5 score in V2 may result in only a HIGH mark in severity if V3 values is not available.

CVSS severity is a qualitative assessment of the overall seriousness of a security vulnerability based on its CVSS Base Score. The severity levels range from "RECOMMENDATION" to "CRITICAL" .

These levels help to quickly understand the potential risk posed by a vulnerability and prioritize the response efforts accordingly. However, organizations should also consider their specific context when assessing and addressing vulnerabilities.

The CVSS Severity is a coalesced value on the different CVSS versions (currently version 2 and 3) with the higher version taking priority.

CVSS v2 base score

  • HIGH 7.0-10.0

  • MEDIUM 4.0-6.9

  • LOW 0.0-3.9

  • RECOMMENDATION

The CVSS v2 Base Score is a numerical value that quantifies the intrinsic severity of a security vulnerability.

It is calculated based on various metrics like how the vulnerability can be exploited, based on Access Complexity (AC), Authentication (AU) requirements, and the potential Confidentiality Impact (C), Integrity (I), and Availability Impact (AI).

The score ranges from 0.0 (LOW severity) to 10.0 (HIGH severity).

CVSS v2 environmental score

  • HIGH 7.0-10.0

  • MEDIUM 4.0-6.9

  • LOW 0.0-3.9

CVSS v2 Environmental Score represents the characteristics of a vulnerability that are relevant and unique to a particular environment.

It takes into account factors such as the importance of Confidentiality Requirement (CR), Integrity Requirement (IR), and Availability Requirement (AR) for the affected asset, as well as adjustments based on an organization's security controls and configurations.

CVSS v2 score

  • HIGH 7.0-10.0

  • MEDIUM 4.0-6.9

  • LOW 0.0-3.9

  • RECOMMENDATION

The CVSS v2 score is a numerical value used to assess the severity of a security vulnerability. It consists of three main components Base Score which quantifies the vulnerability's intrinsic severity ranging from 0.0 to 10.0. Temporal Score (optional) that considers temporal factors like exploitability, patch availability, and report confidence to assess the current risk associated with the vulnerability. Environmental Score (optional) component that allows organizations to customize the score based on their specific environment, considering factors like asset importance and security controls.

CVSS v2 severity

  • HIGH 7.0-10.0

  • MEDIUM 4.0-6.9

  • LOW 0.0-3.9

  • RECOMMENDATION

CVSS v2 severity is a qualitative assessment of the overall seriousness of a security vulnerability. It categorizes vulnerabilities into levels like Low, Medium, High, or Critical to provide a quick understanding of the risk they pose.

The Base Score quantifies the intrinsic severity of the vulnerability based on various metrics such as

CVSS v2 temporal score

  • HIGH 7.0-10.0

  • MEDIUM 4.0-6.9

  • LOW 0.0-3.9

CVSS v2 Temporal Score represents the characteristics of a vulnerability that change over time but not among user environments.
These characteristics include the likelihood of Exploitation (E), the availability of fixes or workarounds Remediation Level (RL), and the Report Confidence (RC) level in the vulnerability report.
The Temporal Score is used to understand the real-world impact and urgency of addressing a vulnerability at a given time.

CVSS v2 vector

The CVSS v2 vector is a textual representation used to describe the key characteristics of a security vulnerability.

It consists of metrics and values that assess factors like how the vulnerability can be accessed, its complexity, authentication requirements, and the potential impact on data confidentiality, integrity, and availability.

This vector string is used to calculate the CVSS v2 Base Score, which quantifies the vulnerability's intrinsic severity, and it serves as a standardized way to communicate detailed information about the vulnerability's attributes.

CVSS v3 base score

  • CRITICAL - 9.0-10.0

  • HIGH - 7.0-8.9

  • MEDIUM - 4.0-6.9

  • LOW - 0.1-3.9

  • RECOMMENDATION - 0

  • UNKNOWN

The CVSS v3 Base Score represents the intrinsic severity of a security vulnerability. It is determined by assessing metrics such as  Attack Vector (AV), Attack Complexity (AC), Privileges Required (PR), User Interaction (Ui), Scope (S), and impact on Confidentiality (C), Integrity (I), and Availability (A).
The Base Score does not consider specific environment or mitigating factors.

CVSS v3 combines these metrics to calculate the Base Score, which provides a standardized way to understand the severity of a vulnerability. The score is then used to prioritize their vulnerability management efforts.

CVSS v3 environmental score

  • CRITICAL - 9.0-10.0

  • HIGH - 7.0-8.9

  • MEDIUM - 4.0-6.9

  • LOW - 0.1-3.9

  • RECOMMENDATION - 0

  • UNKNOWN

The CVSS v3 Environmental Score is bases of an organization's specific circumstances when assessing the severity of a vulnerability. The Environmental Score considers factors like confidentiality, integrity, and availability requirements, as well as an organization's security controls and configurations. It provides a customized risk assessment for a vulnerability within a specific organizational context, helping to prioritize response efforts accordingly.

CVSS v3 score

  • CRITICAL - 9.0-10.0

  • HIGH - 7.0-8.9

  • MEDIUM - 4.0-6.9

  • LOW - 0.1-3.9

  • RECOMMENDATION - 0

  • UNKNOWN

The CVSS v3 score is a numerical value that quantifies the severity of a security vulnerability. It consists of three main components:

  • the Base Score (intrinsic severity),

  • the Temporal Score (current risk),

  • the Environmental Score (customized based on an organization's environment).

The Base Score ranges from 0.0 to 10.0 and is determined by assessing various metrics.

CVSS v3 severity

  • CRITICAL - 9.0-10.0

  • HIGH - 7.0-8.9

  • MEDIUM - 4.0-6.9

  • LOW - 0.1-3.9

  • RECOMMENDATION - 0

CVSS v3 severity is a qualitative assessment of the overall seriousness of a security vulnerability based on its CVSS Base Score. The severity levels range from "RECOMMENDATION" to "CRITICAL" .

These levels help to quickly understand the potential risk posed by a vulnerability and prioritize the response efforts accordingly. However, organizations should also consider their specific context when assessing and addressing vulnerabilities.

CVSS v3 temporal score

  • CRITICAL - 9.0-10.0

  • HIGH - 7.0-8.9

  • MEDIUM - 4.0-6.9

  • LOW - 0.1-3.9

  • RECOMMENDATION - 0

The CVSS v3 Temporal Score is used to assess the current risk of a security vulnerability. It considers factors like the likelihood of Exploitability (E), Remediation Level (RL), and Report Confidence (RC) .

By adjusting the Base Score with these temporal factors, organizations can better understand the urgency and real-world impact of a vulnerability, helping to prioritize response efforts effectively.

CVSS v3 vector

The CVSS v3 vector is a text-based representation that encodes key details about a security vulnerability. It includes fields for Base metrics, Temporal metrics , and Environmental metrics. These metrics describe attributes like how the vulnerability can be accessed, its exploitability, the availability of fixes, and more. The CVSS v3 vector is used to calculate the CVSS scores

CWE

Common Weakness Enumeration (CWE™) is a list of common software and hardware weaknesses that have security ramifications. Same information as in the Detailed tab.

Description

Detailed explanation of the finding with information about the nature of the vulnerability and its potential impact on the affected system. Same as in Details tab.

Exploits available

Determines if there is a publicly available exploit present for this vulnerability.

False positive

Shows if the vulnerability has been marked as a false positive. A false positive refers to a situation where a system or tool incorrectly identifies something as a problem or issue when it is not. False positives can lead to wasted resources and may require efforts to reduce their occurrence for better accuracy in automated systems and processes.

False positive comment

Comments left when identifying a false positive.

First scan ID

ID of the scanlog entry this finding was first found in.

First seen

Date shows when the finding was first discovered on a specific asset during recurring scans. When not found in a scan, the first seen date resets.

Fixed

Timestamp of when the finding was marked as fixed by the customer or the Appsec team.

ID

Unique identifier of the finding.

Impact

Describes the potential impact of the identified vulnerability. Same information as in the Detailed tab.

Is accepted

Whether the finding has been marked as an accepted risk or not, since the launch of the status field.

Last scan ID

This is the last (latest) scan this finding was found in.

Last seen

Date shows when the finding was last seen on a specific asset. Checks if the finding is present in recurring scans. If it is not found in one scan, the last seen date resets.

Match IDs

Reference ID to the scanners raw data output that the finding is generated from and contains in depth information such as vhost, port, pattern, url, product versions, and so on.

Name

The name of the vulnerability.

OWASP 2004

The Open Worldwide Application Security Project (OWASP) Top 10 is a standard awareness document for developers and web application security, and represents a broad consensus about what the most critical web application security flaws are.

Each column presents the numerical value shown in the Detailed tab.

OWASP 2007

OWASP 2010

OWASP 2013

OWASP 2017

OWASP 2021

Ports

Displays ports the finding is found on. Hovering mouse on the port chip displays the port number and protocol as tool-tip.

Portal_Fidnings_Ports.png

Number filter is applicable on the column.

Potential

Flags if this finding has been marked as a potential false positive by customer or Appsec team.

Recreation

Shows the information on how to recreate the identified vulnerability. Same information as in the Detailed tab.

SANS 25

The SANS value shows the vulnerability score

Seen last scan

Boolean value that shows if the finding was detected during the last scan of the linked asset.

Sent to

Lists the email addresses to which the vulnerability information has been sent.

Solution

The Solution column provides an actionable advice how to remediate the vulnerability as well as detailed information about the context of the vulnerability where it was found.

Solution Patches

The Solution Patches column provides an patch number to remediate the vulnerability that was found.

Solution product

Identifies the affected product or software solution.

Solution title

Provides a concise title for the solution or patch.

Solution type

Categorizes the type of solution (e.g., patch, update).

Solution UUID

Universally Unique Identifier for tracking the solution.

Source

Which source scanner or product type does the finding originate from.

Status

Indicates the different statuses for a finding. Can be marked as:

  • Accepted - Displays if the risk is accepted or not

  • False Positive - The scanner is finding a risk that has been marked by someone to be a false positive and is not supposed to pick up on.

  • Fixed - Shows if the vulnerability has been marked as fixed.

  • Irreproducible - AppSec not able to reproduce finding

  • Pending Verification - Shows if there is any pending verification request

  • Present - (Default) Shows that a Finding is present after scanning

Tags

Displays the available tags associated with the finding.

Updated

Timestamp of when the finding was last updated at all for any reason, system- or user-initiated.

Updated by

Who did the last updating action, system, user, or AppSec team and so on.

Watching

Indicates that there is a Notification associated with this finding. See Notification Settings for more information.

Filtering

The vulnerability findings can be filtered by Asset groups & Assets by expanding the filter menu.

  1. To expand the filter menu, click the Asset groups & Assets icon.

    Portal_Findings_WebApp_Asset_bar.PNG


  2. In the menu there are two areas, Asset groups and Assets are separated in two areas.



  3. When selecting an Asset group, the vulnerabilities are filtered to cover only those vulnerabilities associated with the selected assets and a bar at the bottom of the panel appears with the option of report export.

    Portal_Findings_Filter_Web_App_Selection.png


  4. When selecting an asset, Asset group is automatically deselected and vice versa. This also updates the filtered vulnerabilities according to selection.

    Portal_Findings_Filter_Web_App_unselected.png

  5. The "You don't have access to this section." error message in Asset groups area indicates that the user lacks the required permissions to see Asset groups.

    Web App wrap error.png

A maximum of 500 findings can be selected at one time.

For more information about Findings, see Vulnerabilities.

See Filters for common filtering options in the portal.

Tags

By using the Tag Icon_Edit_Tag.png.png icons, tags can be added and removed to the asset group.

For more information about tags, see Tags.

Summary

The Executive Summary is a text aimed to describe the overall security level of the application in question. This includes a brief summary of the general security status as well as the identified vulnerabilities.

To see the Summary:

Click on Summary button in the upper right corner of the  status-bar in the Asset groups dashboard.
The field Summary Updated indicates when the summary was last updated.

Reports

To export reports for asset groups from the Portal UI:

  1. Select a asset group.

  2. Click on the Report button near top right corner.

  3. The options available to choose from are similar to generating a report for Assets, beside Vulnerabilities being the only available type of report.

    Web_applications_Generat_Report.png


Reports use View Templates to filter the reports by predefined templates. The built-in SWAT template is pre-selected and filters out fixed findings by default.

  1. Continue with the same steps as in a normal Report.
    For more information, see Reports.

Note that the user who requests the Asset Groups report may only see vulnerabilities and summaries to which they have access privilege. For example, a main user sees everything, but a sub-user with limited privilege will only see reports about the assets that they can access in the asset group.

If all assets or asset groups related to a scheduled report configuration are deleted, the scheduled report configuration will be automatically removed.

Related Article




Copyright

© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.