Vulnerabilities
- Ryan Seymour
You can find this module at the Global and Company levels.
This is the single spot where all the discovered problems and vulnerabilities across all categories will be displayed with sorting and filtering options. The table data will load the operating system with the most data and the Critical Severity problem group by default.
Visit our YouTube Channel for more video content: https://www.youtube.com/@connectsecure
Table of Contents
Vulnerabilities - Details
Access the Vulnerabilities from the Vulnerabilities category.
Data is filtered by default to Internal Vulnerabilities, Windows OS, and Critical Severity. You can cycle between the filters to view data according to your preferences.
Internal Vulnerabilities = discovered on the assets directly from agent scanning
External Vulnerabilities = discovered on external assets from probe network scanning, external scanning, or attack surface mapper scanning.
Problem Category Groups
Here are the default problem category groups that discovered problems will automatically go into.
Problem Group Name | Description / Use Case |
|---|---|
0.85 > EPSS >= 0.90 | Vulnerabilities grouped by EPSS Scoring >=85/90% |
0.90 > EPSS >= 0.85 | Vulnerabilities grouped by EPSS Scoring >=90/95% |
0.95 > EPSS >= 0.90 | Vulnerabilities grouped by EPSS Scoring >=90/95% |
Antivirus Not Installed | Antivirus is not installed on the Asset |
Backup Not Performed | Backup Agent is not installed on the Asset |
CISA Notified Vulnerabilities | Vulnerabilities grouped by CISA classification; source CISA.GOV |
Critical Vulnerabilities | Vulnerabilities grouped by severity of Critical |
Database Vulnerabilities | Vulnerabilities grouped by classification of database |
EPSS >= 0.95 | Vulnerabilities grouped by EPSS Scoring >=95% |
Firewall Misconfiguration | Vulnerabilities grouped by classification of firewall misconfigure |
High Severity Vulnerabilities | Vulnerabilities grouped by severity of High |
Information Disclosure | Vulnerabilities grouped by classification of information disclosure |
Informational | This information captured is for information purpose |
Low Severity Vulnerabilities | Vulnerabilities grouped by severity of Low |
Mail Vulnerabilities | Vulnerabilities grouped by classification of e-mail |
Medium Severity Vulnerabilities | Vulnerabilities grouped by severity of Medium |
Operating System out of Support | The operating system has reached the End Of its Support |
Remote Access Vulnerabilities | Vulnerabilities grouped by classification of remote access |
Remote Login Vulnerabilities | Vulnerabilities grouped by classification of remote login |
Running Services | Vulnerabilities grouped by classification of running services |
SMB Vulnerabilities | Vulnerabilities related to SMB |
SSL Certificate Info | SSL Certificate information |
SSL/TLS Vulnerabilities | SSL/TLS-related Vulnerabilities |
Web Server Fingerprint | Vulnerabilities grouped by classification of web server fingerprint |
Problem Groups are how the ConnectSecure portal will automatically categorize discovered vulnerabilities.
Tap the CVE-ID in the Problem Name field for the NIST/NVD source reference.
Use the three-dot Action menu to access the ‘Suppress’ option.
You can do this in mass by selecting multiple records and tapping the Global Actions button.
Use the column buttons to view the additional details.
This includes the Affected Companies, Affected Assets, Suppressed Records, and Auto Suppressed Records.
Suppressed Records = manually suppressed using a three-dot Action menu or Global Actions.
Auto Suppressed = automatically suppressed based on ‘Suppress Vulnerabilities Days' settings.
The second bottom half of the screen contains a table of additional problems/vulnerabilities discovered by the scanning agents. This includes Registry and Driver-based checks.
Like the above half, you can tap between the buttons to see Remediated and Suppressed records.
Suppress
Use the three-dot Action menu or checkboxes with Global Action to suppress any of the records.
Integration Action
This is only available at the Company level.
It is necessary to set up an integration before use. This will allow you to take any discovered vulnerability and send it through the integration as a call to action.
IE: Create a ticket in your PSA
IE: Send email to your support email distribution group
IE: Post a message to a Teams/Slack channel
Select the three-dot Action menu or check the box to access Global Actions, then tap the Integration Action option.
You can choose one based on your configured integrations and then select an action.
Complete the required fields based on the selected integration to complete.
Vulnerabilities - Toolbar Options
Internal Vulnerabilities
Filters the table data to show internal vulnerabilities sourced directly from the agent data on local assets.
External Vulnerabilities
Filters the table data to show the external vulnerabilities sourced from the probe agent, network scans, or external scans.
Jobs
View the job details.
Alerts
View our timeline style of System Events captured for each company. You can set an optional date filter range to target a specific date range of events.
Info
Tap here to view your V4 Getting Started Info.
Help Link
Click to access the related documentation page; this link is functional on all screens and will take you to the appropriate documentation page.
Layout Settings
Here, you can change the UI look and feel using various options, including the Theme for color, the Scheme for dark and light mode, the Layout for toolbar and module positions, and the toggle to set the table view default.
I prefer the Teal color, Light mode, and Classic layout with an asset table view.
Get Support
Our support team is here to help. Use one of three options to start a support request.
Email to support@connectsecure.com
Login to our Freshdesk partner portal at https://cybercns.freshdesk.com
