Sentinel for Security Teams
WhiteHat Security allows you to discuss risk in business terms with those of your users who are concerned with business risks, and in technical terms with those of your users who are involved in resolving vulnerabilities. In WhiteHat Sentinel, you can track the overall robustness of your web security with a single score, view your history and how you compare with others in your industry, and report on security issues on a high level or in detail. You can also see detailed risk analysis by application or site and drill down into attack vectors, code issues, and recommended approaches to remediation for individual vulnerabilities.
WhiteHat Sentinel offers several dashboards to assist you in keeping track of your security. When you log in to Sentinel, you will find the dashboards under the Summary Tab.
The Executive Dashboard is designed to give your executive staff a quick, clear, and actionable summary of your overall security status. It displays your total vulnerabilities, your vulnerability trends, your most common vulnerabilities, how quickly vulnerabilities are being remediated (how long the vulnerability could potentially be exploited), and assets that have assessment issues.
The Peer Benchmarking Dashboard is probably of most interest to the Security Team. It is designed to show you how your overall security compares with other businesses both in your industry and globally. The measurements reflected in the dashboard include the percentage of your assets that have vulnerabilities, the average number of open vulnerabilities, the remediation rate, and how many days it takes to resolve a vulnerability, on average.
The Frameworks Dashboard will alert users with Maven or NuGet repositories to CVE alerts, commonly used frameworks, out-of-date frameworks, license information for your assets, and libraries used in your assets.
Sentinel offers a variety of customizable reports. Security Team members will probably be most interested in the Audit and Compliance Reports. Sentinel also offers Summary Reports and detailed Vulnerability Reports.
Sentinel findings are visible on the Vulnerability Management page (under the Findings tab in Sentinel). By filtering this page you can limit what you see to specific vulnerabilities: for example, if you are responsible for a particular asset, you can filter for vulnerabilities found on that asset using the Asset Name filter; you can filter for vulnerabilities of a specific vulnerability class or rating, specific tags, etc. and view only the vulnerabilities that meet your criteria.
Vulnerability findings are described by a Rating (the degree of risk associated with the vulnerability) and a Vulnerability Class (describing the type of vulnerability it is). From the main Vulnerability Management page, you can also see the vulnerability status (open, closed, accepted, mitigated, or invalid), the date it was most recently opened or closed, and the name of the asset in question.
To see detailed information about a vulnerability, click on the Vulnerability ID on the findings page. This will take you to the appropriate Vulnerability Detail page, where you can see the vuln class, location, status, date opened, and (optionally) the CVSS score, or request a retest of the vulnerability. Site vulnerabilities will also have links to the attack vectors, while application vulnerabilities will indicate whether there is a compliance policy that affects this vulnerability and will display the source, sink, variable usage, and associated code snippets. There will also be a description of the vulnerability class and general recommendations for remediation; if you have other questions, you can click on the "Ask a Question" link and ask a question directly of the Threat Research Center engineers.