Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Panel
panelIconId1f914
panelIcon:thinking:
panelIconText🤔
bgColor#DEEBFF

What are Company Problems?

In short, these are the vulnerabilities that the ConnectSecure scan agent(s) has discovered. Vulnerabilities are automatically categorized into Problem Groups to help us understand and communicate what type of vulnerabilities we are discovering.

...

Company Problems - Table of Contents

Table of Contents
minLevel1
maxLevel6
include
outlinefalse
indent
excludeCompany Problems - Table of Contents
typelist
class
printablefalse

...

Company Problems - Overview

This is your view of Problem Groups associated with Affected Assets for the selected company, including Suppressed Records.

Problems are the automatic groups discovered vulnerabilities will go into instead of just the traditional lists that include the CVE and severity. We are trying to make it easier to identify the type of vulnerabilities and group them for easier reporting and remediation.

Problem Groups

...

As part of the v4 V4 release, we have designed a new screen that provides a fresh view of what we call 'Problem Groups.' With this new screen, the system will automatically classify your vulnerabilities into logical groups, making it easier for you to remediate them. It will also help you generate accurate reports catering to your specific needs.

...

Company Problems - Details

Problem Details include the following data fields: Problem Name, Description, Assets, Score, and Severity. These details will update based on the Problem Group Name selected.

...

Field Label

...

Description / General Use

...

Problem Name

...

Displays the detected vulnerabilities CVE-ID

...

Description

...

Provides a description of the CVE-ID (Problem Name)

...

Assets

...

Displays the count of Assets with the CVE-ID (Problem Name)

...

Score

...

Displays the Base, EPSS, Exploitability, and Impact Scores.

...

Severity

...

Displays the Severity of the CVE-ID (Problem Name)

...

Global Problem Group Name - Glossary of Terms

The system automatically classifies discovered vulnerabilities into the specific Problem Group Names in the table below.

...

Problem Group Name

...

Description / Use Case

...

0.85 > EPSS >= 0.90

...

Vulnerabilities grouped by EPSS Scoring >=85/90%

...

0.90 > EPSS >= 0.85

...

Vulnerabilities grouped by EPSS Scoring >=90/95%

...

0.95 > EPSS >= 0.90

...

Vulnerabilities grouped by EPSS Scoring >=90/95%

...

Antivirus Not Installed

...

 

...

Backup Not Performed

...

 

...

CISA Notified Vulnerabilities

...

Vulnerabilities grouped by CISA classification; source CISA.GOV

...

Critical Vulnerabilities

...

Vulnerabilities grouped by severity of Critical

...

Database Vulnerabilities

...

 

...

EPSS >= 0.95

...

Vulnerabilities grouped by EPSS Scoring >=95%

...

Firewall Misconfiguration

...

 

...

High Severity Vulnerabilities

...

Vulnerabilities grouped by severity of High

...

Information Disclosure

...

 

...

Informational

...

 

...

Low Severity Vulnerabilities

...

Vulnerabilities grouped by severity of Low

...

Mail Vulnerabilities

...

 

...

Medium Severity Vulnerabilities

...

Vulnerabilities grouped by severity of Medium

...

Operating System out of Support

...

 

...

Remote Access Vulnerabilities

...

 

...

Remote Login Vulnerabilities

...

 

...

Running Services

...

 

...

SMB Vulnerabilities

...

 

...

SSL Certificate Info

...

 

...

SSL/TLS Vulnerabilities

...

 

...

Web Server Fingerprint

...

 

...

image-20240104-163412.pngImage Removed

...

Problems Suppress - tap to suppress a problem; select at least one problem to use the suppression feature.

...

Problems Suppressed Records - tap to view any problems previously suppressed.

...

Jobs - tap to view any scan jobs and their current status.

...

Alerts - tap to view System Events, time-line style.

Dashboard - tap to be redirected to our external dashboard builder.

...

Problems Suppress

To suppress a problem, click the checkbox to select and then tap the Problems Suppress icon.

...

You will be prompted to enter additional details before suppressing the problem.

...

You can choose to either Self Approve or choose Other User

...

Selecting the Self Approve options requires a Comment, Start Date, and End Date.

...

When using the system provided by Other User, you will be prompted to choose a User Type. You can either select Internal User or External User.

If you choose Internal User, you will see a drop-down list from where you can select the specific Internal User who is supposed to receive the email notification for this impression.

On the other hand, if you choose External User, you will need to enter the email addresses separated by commas of those who will receive the approval email.

Problems Suppressed Records

Jobs

Alerts

Dashboard

See the details below for the full listing.

Problem Group Categories:

  • All Vulnerabilities

  • Critical Severity Vulnerabilities

  • High Severity Vulnerabilities

  • Medium Severity Vulnerabilities

  • Low Severity Vulnerabilities

  • SMB Vulnerabilities

  • SSL/TLS Vulnerabilities

  • Remote Login Vulnerabilities

  • CISA Notified Vulnerabilities

  • EPSS >= 0.95

  • EPSS Between 0.90 and 0.95

  • EPSS Between 0.90 and 0.85

  • EPSS Between 0 and 0.85

  • Database Vulnerabilities

  • Informational

...

Affected Assets

...

View the Affected Assets for the selected company. The number of assets will be displayed in the title bar. Tap the asset IP to view details.

...

You will see the Asset details and immediately be filtered down to the Problems section, with the Problem Group shown based on the selection from the previous click-throughs.

...

Asset Problem Details include the following data:

Field Label

Description

Base

Displays the Base score from NVD

Confirmed

Displays a Yes or No

Yes = confirmed with the path evidence displayed

Description

Displays the description for the problem

EPSS

Displays the EPSS score from first.org

Exploitability

Displays the Expliabloit score from NVD

Impact

Displays the Impact score from NVD

Ports

Displays any affected port(s)

Problem Name

Displays the problem name

Scripts Output

Displays any script output

Software

Displays the software name affected

Ticket ID

Displays any Ticket ID created by PSA integration

...

Suppressed Records

Info

Suppressed Records can include any of the vulnerabilities identified by our problem groups, including application, OS, network scan, and external vulnerabilities.

...

Tap here to view the suppressed vulnerabilities for the selected company.

Unsuppress

From the three-dot action menu, select ‘Unsuppress’ to bring a Problem back as Active.

...

Company Problems - Action Toolbar Overview

...

Company Problems - Action Toolbar Actions

Integration Action

Info

Please select at least one record from Problems to use an existing integration.

If no integration is configured, you will get the following error: Integration not configured!

image-20240506-195425.pngImage Added

This will give you a Short or Long Description option to use an Integration Action with.

Panel
bgColor#DEEBFF

Long Description = Host Name, Fix URL, Uninstall Path, Vulnerabilities Count, Source, Version

Short Description = Host Name, Fix URL, Uninstall Path, and Version

Info

Actions vary based on the configuration of the integration you are using. These will include the Create, Update, and Close Ticket options.

image-20240506-195827.pngImage Added

Select your Integration Profile, then tap Next to continue. Confirm the settings being used for the action, and then tap the Submit button to send it.

...

Jobs

Tap to view Scan Job(s) historical data.

...

Alerts

Set a date range to view the System Events and asset timeline.

...

Info

Tap to view the Getting Started wizard; see the link below for additional information.

Getting Started In App Info

...

Tap to view the corresponding Company Problems KB.

...

Company Problems - Suppression

You have an option to mark any discovered Problem as Suppressed. Doing so will move the Problem to the Suppressed Records section.

...

How To: Suppress a Problem

  1. Select a Problem Name record or multiples using the checkboxes, then tap the Global Actions > Suppress button.

...

Note

NOTE: Suppression of any Problem will require approval and a reason.

Approval Process - Self Approve (requires Admin or Approver permissions)

Using this option, you must enter your Suppression Comments and the date options, which include permanent or a start/end date range.

...

Approval Process - Other User

User Type = Internal User

Using this option, you must choose from the drop-down of available Internal Users (in User Management) with Admin or Approver permissions, along with the required comments and date parameters.

...

User Type = External User

Using this option, you must enter the email address into the external user column, along with the required comments and date parameters.

...

Tip

Enter comma-separate emails for more than one.

...

How To: Suppress Problems

...

How To: Unsuppress Problems

Using a global action option, you can unsuppress a previously suppressed Problem either one record at a time or in mass.

...

Need Support?

Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.

https://cybercns.freshdesk.com/en/support/login

...