...
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
What are Company Problems? In short, these are the vulnerabilities that the ConnectSecure scan agent(s) has discovered. Vulnerabilities are automatically categorized into Problem Groups to help us understand and communicate what type of vulnerabilities we are discovering. |
...
Company Problems - Table of Contents
Table of Contents | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
Company Problems - Overview
This is your view of Problem Groups associated with Affected Assets for the selected company, including Suppressed Records.
Problems are the automatic groups discovered vulnerabilities will go into instead of just the traditional lists that include the CVE and severity. We are trying to make it easier to identify the type of vulnerabilities and group them for easier reporting and remediation.
Problem Groups
...
As part of the V4 release, we have designed a new screen that provides a fresh view of what we call 'Problem Groups.' With this new screen, the system will automatically classify your vulnerabilities into logical groups, making it easier for you to remediate them. It will also help you generate accurate reports catering to your specific needs. See the details below for the full listing.
Affected Assets
...
View the Affected Assets for the selected company. The number of assets will be displayed in the title bar. Tap the asset IP to view details.
...
Suppressed Records
...
Tap here to view the suppressed vulnerabilities for the selected company. From the three-dot action menu you have the option to ‘Unsuppress’.
...
Company Problems - Details
Problem Group Categories:
All Vulnerabilities
Critical Severity Vulnerabilities
High Severity Vulnerabilities
Medium Severity Vulnerabilities
Low Severity Vulnerabilities
SMB Vulnerabilities
SSL/TLS Vulnerabilities
Remote Login Vulnerabilities
CISA Notified Vulnerabilities
EPSS >= 0.95
EPSS Between 0.90 and 0.95 >
EPSS >= Between 0.90 and 0.90 > EPSS >= 85
EPSS Between 0 and 0.85
Database Vulnerabilities
Informational
Problem Details include the following data fields: Problem Name, Description, Assets, Score, and Severity. These details will be updated based on the Problem Group Name selected.
...
Field Label
...
Description / General Use
...
Problem Name
...
Displays the detected vulnerabilities CVE-ID
...
Description
...
Describes the CVE-ID (Problem Name)
...
Assets
...
Displays the count of Assets with the CVE-ID (Problem Name)
...
Score
...
Displays the Base, EPSS, Exploitability, and Impact Scores.
...
Severity
...
Displays the Severity for the selected CVE
...
Ports
...
Displays any associated Ports for the CVE
...
Script Output
...
Displays the script output return from the check ID
...
Base
...
Displays the Base score (CVSS)
...
EPSS
...
Displays the EPSS score; source First.ORG
...
Exploitability
...
Affected Assets
...
View the Affected Assets for the selected company. The number of assets will be displayed in the title bar. Tap the asset IP to view details.
...
You will see the Asset details and immediately be filtered down to the Problems section, with the Problem Group shown based on the selection from the previous click-throughs.
...
Asset Problem Details include the following data:
Field Label | Description |
---|---|
Base | Displays the Base score from NVD |
Confirmed | Displays a Yes or No Yes = confirmed with the path evidence displayed |
Description | Displays the description for the problem |
EPSS | Displays the EPSS score from first.org |
Exploitability | Displays the Expliabloit score from NVD |
Impact | Displays the Impact score from NVD |
Ports | Displays |
...
Global Problem Group Name - Glossary of Terms
The system automatically classifies discovered vulnerabilities into the specific Problem Group Names in the table below.
Problem Group Name
Description / Use Case
0.90 > EPSS >= 0.85
Vulnerabilities grouped by EPSS Scoring >=90/95%
0.85 > EPSS >= 0.90
Vulnerabilities grouped by EPSS Scoring >=85/90%
0.95 > EPSS >= 0.90
Vulnerabilities grouped by EPSS Scoring >=90/95%
CISA Notified Vulnerabilities
Vulnerabilities grouped by CISA classification; source CISA.GOV
Critical Vulnerabilities
Vulnerabilities grouped by severity of Critical
EPSS >= 0.95
Vulnerabilities grouped by EPSS Scoring >=95%
High Severity Vulnerabilities
Vulnerabilities grouped by severity of High
Informational
Vulnerabilities grouped by category of Info Only
Low Severity Vulnerabilities
Vulnerabilities grouped by severity of Low
Medium Severity Vulnerabilities
Vulnerabilities grouped by severity of Medium
Remote Access Vulnerabilities
Vulnerabilities grouped by category of Remote Access
Remote Login Vulnerabilities
Vulnerabilities grouped by category of Remote Login
SMB Vulnerabilities
Vulnerabilities grouped by category of SMB
SSL Certificate Info
Vulnerabilities grouped by category of Certifcates
SSL/TLS Vulnerabilities
any affected port(s) | |
Problem Name | Displays the problem name |
Scripts Output | Displays any script output |
Software | Displays the software name affected |
Ticket ID | Displays any Ticket ID created by PSA integration |
...
Suppressed Records
Info |
---|
Suppressed Records can include any of the vulnerabilities identified by our problem groups, including application, OS, network scan, and external vulnerabilities. |
...
Tap here to view the suppressed vulnerabilities for the selected company.
Unsuppress
From the three-dot action menu, select ‘Unsuppress’ to bring a Problem back as Active.
...
Company Problems - Action Toolbar Overview
...
Company Problems - Action Toolbar Actions
Scan
Tap on the Asset Count from the Problems Details table, then tap the IP of any asset, and use the Scan button to initiate an asset scan.
...
Tap the IP to see the Asset:
...
Tap on the SCAN action menu to begin an asset scan:
...
Integration Action
Info |
---|
Please select at least one record from Problems to use an existing integration. If no integration is configured, you will get the following error: Integration not configured! |
This will give you a Short or Long Description option to use an Integration Action with.
Panel | ||
---|---|---|
| ||
Long Description = Host Name, Fix URL, Uninstall Path, Vulnerabilities Count, Source, Version Short Description = Host Name, Fix URL, Uninstall Path, and Version |
Info |
---|
Actions vary based on the configuration of the integration you are using. These will include the Create, Update, and Close Ticket options. |
Select your Integration Profile, then tap Next to continue. Confirm the settings being used for the action, and then tap the Submit button to send it.
...
Jobs
Tap to view Scan Job(s) historical data.
...
Alerts
Set a date range to view the System Events and asset timeline.
...
Info
Tap to view the Getting Started wizard; see the link below for additional information.
V4 Getting Started In App Info
...
Help Link
Tap to view the corresponding Company Problems KB.
...
Company Problems - Suppression
You have an option to mark any discovered Problem as Suppressed. Doing so will move the Problem to the Suppressed Records section.
...
How To: Suppress a Problem
Select a Problem Name record or multiples using the checkboxes, then tap the Global Actions > Suppress button.
...
Note |
---|
NOTE: Suppression of any Problem will require approval and a reason. |
Approval Process - Self Approve (requires Admin or Approver permissions)
Using this option, you must enter your Suppression Comments and the date options, which include permanent or a start/end date range.
...
Approval Process - Other User
User Type = Internal User
Using this option, you must choose from the drop-down of available Internal Users (in User Management) with Admin or Approver permissions, along with the required comments and date parameters.
...
User Type = External User
Using this option, you must enter the email address into the external user column, along with the required comments and date parameters.
...
Tip |
---|
Enter comma-separate emails for more than one. |
...
How To: Suppress Problems
...
How To: Unsuppress Problems
Using a global action option, you can unsuppress a previously suppressed Problem either one record at a time or in mass.
...
Need Support?
Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.
...