Sentinel Menu - Findings

Click on the Findings tab to show the Vulnerability Management page, which allows users to quickly determine which vulnerabilities on their assets require attention and to track the success of their team’s remediation efforts. Users can also show or hide the CVSS score for vulnerabilities, refresh the Vuln Retest status, export the findings to a comma-delimited (CSV) file, or request vuln retests (individually or under the Bulk Actions button).

findings vuln management

You can export the information on this page to a CSV file; clicking on "Refresh Retest Status" will update the retest status of any vulnerability for which that status has been changed. Clicking on "Show CVSS Score" will show the CVSS score for the vulnerabilities listed. For more information on CVSS scores, please go to the National Vulnerability Database at the National Institute of Standards and Technology.

Each vulnerability is listed by Vuln ID, with a Quick Actions section available to allow users to view attack vectors (av icon), notes (note icon), or tags (tag icon) associated with the vulnerability. Click on the Vuln ID, as usual, for more details on the vulnerability.

For more information on the Vulnerability Rating, how the rating is determined, and what it means, please see "How Your Vulnerability Ratings are Determined."

vuln mgmt findings

Vulnerability information given on the Findings page includes:

Vuln ID

The Vulnerability ID is a unique identifier for this specific instance of this vulnerability.

Rating

The vulnerability rating is an indicator of the level of risk associated with this vulnerability, based on the amount of damage that could be done if the vulnerability is exploited (impact), the ease with which it is possible to exploit this vulnerability (likelihood), and, if this vulnerability is found on a site and the customer has provided a priority value for the site, the priority. For more information, please see "How Your Vulnerability Ratings are Determined." To customize the rating for a specific vulnerability or a class of vulnerabilities and an asset or assets, please see "Customizing Your Vulnerability Results."

Class

The vulnerability Class is the broad category of types of vulnerabilities to which this particular vulnerability belongs. For more information on Vulnerability Classes, please see the glossary entry for the Vuln Class.

CVSS Score (if selected)

The CVSS Score is the "Common Vulnerability Scoring System" score for this vulnerability, based on any custom information you have entered and on the standard CVSS score for vulnerabilities of this class. For more information on the CVSS score, please see the Common Vulnerability Scoring System information available at https://www.first.org/cvss/.

Status

Status: the vulnerability status indicates whether the vulnerability is currently open, open with findings currently unreachable, closed, accepted, out of scope, invalid, or mitigated.

Last Opened

Last Opened: indicates the date the vulnerability was last found and opened.

Last Closed

Last Closed: indicates the date as of which the vulnerability was found to have been remediated.

Asset Name

Asset Name: is the name of the asset where the vulnerability was located.

Asset Type

Asset Type: will be either "application" (code base or binary covered under Static Application Security Testing) or "site" (a pre-production or product site covered under Dynamic Application Security Testing).

Retest

Retest: the "Retest" column provides a link allowing you to request retesting for that specific vulnerability. To request retesting for multiple vulnerabilities, please select the vulns using the checkbox to the left of the Vuln ID and use "Bulk Actions" to request the retest.

For more details on each individual vulnerability, click on the Vuln ID and you will be taken to the appropriate Vulnerability Details Page; click on the Asset Name to view asset details.

For information on customizing individual vulnerabilities, please see Customizing Risk Ratings for a Specific Vulnerability. To customize all vulnerabilities of a given class for specific assets, please see Customizing Your Vulnerability Results.

The filter is automatically set by default to show only open vulns, but you can remove or refine that filter as desired using the Filter button (filterbutton) toward the top right of the pane. You can filter by vulnerability ID, rating, status, or class; by date opened or closed (by date range), by vulnerability URL/path, or by asset name, type, status, service level, or asset group name. You can also filter by tags, and for sites you can filter by named zero-day vulnerabilities, vulnerability sub-class, or CVE ID. For applications, you can filter by the availability of directed remediation patches. You can also filter by retest status or, for multi-client customers, by client. Each section of the filter can be expanded or closed for ease of use. If there are many possible values for a filter term, the filter box may scroll. If you do not see the value you want to filter on, be sure to scroll through the list or begin typing to see matching values.

filter selection

The number of filters selected is reflected directly on the filter button (in the screen cap above, one filter has been set).

Filter selections are persistent, as are the number of rows displayed, which will allow you to maintain your context and preferred view of the table between sessions. Filter selections are also reflected in the URL, so that you can bookmark frequent selections and share them with others on your team.

filter1

If you have an unanswered question about a vulnerability, please use Ask About a Vulnerability in Sentinel.