V4 Vulnerability Problem Groups
- Ryan Seymour
Problem Group Overview
ConnectSecure classifies all discovered vulnerabilities into our Problem Groups. These categories are available at the various Problems and Vulnerabilities screens in the portal.
Here is an example of what we are referring to:
Problem Group Details
Problem Group Name | Problem Group Type | Severity | Weightage (Risk Scoring) |
|---|---|---|---|
Critical Vulnerabilities | Vulnerability | Critical | 0.9 |
High Severity Vulnerabilities | Vulnerability | High | 0.8 |
Medium Severity Vulnerabilities | Vulnerability | Medium | 0.5 |
Low Severity Vulnerabilities | Vulnerability | Low | 0.3 |
SMB Vulnerabilities | Network vulnerabilities | Critical | 0.9 |
SSL/TLS Vulnerabilities | Network vulnerabilities | High | 0.8 |
SSL Certificate Info | Network vulnerabilities | Low | 0.1 |
Running Services | Network vulnerabilities | Low | 0.1 |
Web Server Fingerprint | Network vulnerabilities | Low | 0.3 |
Remote Login Vulnerabilities | Network vulnerabilities | Critical | 0.8 |
Information Disclosure | Network vulnerabilities | Low | 0.3 |
Antivirus Not Installed | Asset problems | High | 0.7 |
Backup Not Performed | Asset problems | High | 0.8 |
Firewall Misconfiguration | Asset problems | Critical | 0.95 |
Operating System Out Of Support | Asset problems | High | 0.7 |
User Password Never Expires | AD Problems | High | 0.8 |
User Password Not Required | AD Problems | High | 0.95 |
Active Users Not Logged In For 30 Days | AD Problems | High | 0.5 |
MFA Not Enabled For Azure Users | AD Problems | High | 0.7 |
CISA Notified Vulnerabilities | Vulnerabilities Exploit | Critical | 1 |
EPSS >= 0.95 | Vulnerabilities Exploit | Critical | 1 |
0.95 > EPSS >= 0.90 | Vulnerabilities Exploit | High | 0.75 |
0.90 > EPSS >= 0.85 | Vulnerabilities Exploit | Medium | 0.5 |
0.85 > EPSS >= 0.90 | Vulnerability | Low | 0.3 |
Database Vulnerabilities | Network vulnerabilities | Critical | 0.8 |
Mail Vulnerabilities | Network vulnerabilities | Critical | 0.8 |
Remote Access Vulnerabilities | Network vulnerabilities | Critical | 0.9 |
User Account Lockouts | AD Problems | Low | 0.35 |
Failed Login Attempts | AD Problems | Low | 0.35 |
Empty Security Groups | AD Problems | High | 0.1 |
Non-Security Enabled Groups | AD Problems | High | 0.1 |
Multiple Administrators In OU | AD Problems | High | 0.8 |
Computer Not Logged In For 30 Days | AD Problems | High | 0.95 |
Password Policy Compliance | AD Problems | High | 0.8 |
Informational | Network vulnerabilities | Info | 0 |