Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This is your view of all vulnerabilities for the selected company. This includes the application, operating system, registry, and network-based vulnerabilities in one spot, organized by our Problem Groups.

...

Vulnerabilities are grouped by our Problem Group Names automatically, based on their classification(s).

...

Additional security checks are also done for drivers, registry, and suppressed records.

...

Company Vulnerabilities - Table of Contents

Table of Contents
minLevel1
maxLevel6
include
outlinefalse
indent
excludeCompany Vulnerabilities - Table of Contents
typelist
class
printablefalse

...

Company Vulnerabilities - Overview

The data is organized by Problem Group Category, Affected Assets, Suppressed Records, and Auto Suppressed Records.

...

Tap on the CVE-ID in the Problem Name field to see the NIST/NVD source reference.

...

Company Vulnerabilities - Details

Problem Group Name

The system automatically classifies discovered vulnerabilities into the specific Problem Group Names in the table below.

Problem Group Name

Description / Use Case

0.85 > EPSS >= 0.90

Vulnerabilities grouped by EPSS Scoring >=85/90%

0.90 > EPSS >= 0.85

Vulnerabilities grouped by EPSS Scoring >=90/95%

0.95 > EPSS >= 0.90

Vulnerabilities grouped by EPSS Scoring >=90/95%

Antivirus Not Installed

Antivirus is not installed on the Asset

Backup Not Performed

Backup Agent is not installed on the Asset

CISA Notified Vulnerabilities

Vulnerabilities grouped by CISA classification; source CISA.GOV

Critical Vulnerabilities

Vulnerabilities grouped by severity of Critical

Database Vulnerabilities

Vulnerabilities grouped by classification of database

EPSS >= 0.95

Vulnerabilities grouped by EPSS Scoring >=95%

Firewall Misconfiguration

Vulnerabilities grouped by classification of firewall misconfigure

High Severity Vulnerabilities

Vulnerabilities grouped by severity of High

Information Disclosure

Vulnerabilities grouped by classification of information disclosure

Informational

This information captured is for information purpose

Low Severity Vulnerabilities

Vulnerabilities grouped by severity of Low

Mail Vulnerabilities

Vulnerabilities grouped by classification of e-mail

Medium Severity Vulnerabilities

Vulnerabilities grouped by severity of Medium

Operating System out of Support

The operating system has reached the End Of its Support

Remote Access Vulnerabilities

Vulnerabilities grouped by classification of remote access

Remote Login Vulnerabilities

Vulnerabilities grouped by classification of remote login

Running Services

Vulnerabilities grouped by classification of running services

SMB Vulnerabilities

Vulnerabilities related to SMB

SSL Certificate Info

SSL Certificate information

SSL/TLS Vulnerabilities

SSL/TLS-related Vulnerabilities

Web Server Fingerprint

Vulnerabilities grouped by classification of web server fingerprint

...

Problem Details

This screen gives detailed information about the selected Problem Group Name vulnerabilities. It includes Problem Name, Assets, Severity, Software, Ports, Script Output, Base, EPSS, Exploitability, Impact, Ticket ID, and Description fields.

...

Field

Description

Problem Name

Displays the unique CVE-ID or similar based on the vulnerability; click the link to see the NIST/NVD sourcing.

Software

Displays the name of the affected software

Ports

Displays any affected port(s)

Script Output

Displays any script outputs from the ConnectSecure evidence

Base

Displays the CVSS Base Score

EPSS

Displays the EPSS Score

Exploitability

Displays the Exploitability Score

Description

Displays the full description with details about the discovered vulnerability

Assets

Displays the number of assets; click to view additional details

Score

Displays the Base Score, EPSS Score, Exploitability Score, and Impact Score values based on the selected CVE-ID

Severity

Displays the severity of the selected vulnerability

Problem Name

This includes the unique CVE-ID or vulnerability description, with a link to the threat source.

...

Click on the CVE-ID value to be directed to the source.

...

Description

Includes the full description of the vulnerability.

...

Assets

Displays the number of assets associated with the selected vulnerability.

...

Score

Displays scores based on the vulnerability, including Base Score, EPSS Score, Exploitability Score, and Impact Score details.

...

Company Vulnerabilities - Toolbar Actions

The action toolbar contains opinions for Integration Action, Jobs, Alerts, Info, and Help Link.

...

Integration Action

Info

It is necessary to set up an integration before use. This will allow you to take any discovered vulnerability and send it through the integration as a call to action.

  • IE: Create a ticket in your PSA

  • IE: Send email to your support email distribution group

  • IE: Post a message to a Teams/Slack channel

...

The ticket ID is not filled in, and a hyperlink to the ticket is in this example.

...

Jobs

Tap to view Scan Job(s) historical data.

...

Alerts

Set a date range to view the System Events and asset timeline.

...

Info

Tap to view the Getting Started wizard; see the link below for additional information.

V4 Getting Started In App Info

...

Tap to view the corresponding Company Problems KB.

...

Need Support?

Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.

...