Risks & Vulnerabilities: Vulnerabilities
Across our environment we have hundreds of devices, spanning IT and OT, and they have hundreds of CVEs. Where do we even begin creating a patch management plan?
-
Navigate to
Risks & Vulnerabilities>Vulnerabilities. -
Every unique vulnerability in the environment is listed on this page.
- However, not every vulnerability is relevant/ confirmed.
- However, not every vulnerability is relevant/ confirmed.
-
Filter the vulnerability list by Confirmed under Vulnerability Relevance.
- By how much does the new number of results differ from the unfiltered number?
- By how much does the new number of results differ from the unfiltered number?
-
Sort by CVSS V3 Score or EPSS score and select an Actively Exploited vulnerabiltiy to go to its page.
-
The top two sections of the page give a description of the vulnerability, as well as additional information about it, like the release date. At the bottom of the page is a list of every asset in the environment with the vulnerability.
- Each asset has a Status column where the vulnerability on that asset can be marked as Accept(ed), Irrelevant, Manually Fixed, or Open (default). Users can also be assigned to deal with the vulnerability for that asset.
- Each asset has a Status column where the vulnerability on that asset can be marked as Accept(ed), Irrelevant, Manually Fixed, or Open (default). Users can also be assigned to deal with the vulnerability for that asset.
REFLECTION
Section titled “REFLECTION”- How can the vulnerabilities page be used to determine the most relevant and critical vulnerabilities?
- How should these vulnerabilities be evaulated, and in what order?
- How can filters be used to filter out “noise”.
Consider the following filter:
| Filter | Value |
|---|---|
Class | OT |
Affected Assets | Only Show Affected Assets |
Actively Exploited | Only Actively Exploited |
Vulnerability Relevance | Confirmed |