New! Features that Will Improve Your Vulnerability Prioritization

Andrea Bailiff-Gush    March 5, 2015

Today, we’re announcing new statuses, filters and displays that will impact how you sift through scan data, prioritize vulnerabilities and communicate with your team.

New! Vulnerability Statuses

We’ve added two new vulnerability statuses that will make it even easier for your team to track the lifecycle of a vulnerability: risk accepted & false positive. These statuses are flagged by the end user and can be assigned to an individual vulnerability, or to many at once.

New Vulnerability Status Filters

To mark a vulnerability as either risk accepted or a false positive, navigate to the Home tab, select a vulnerability from the list, and then select the status from the dropdown. You can also flag the status of vulnerabilities in bulk right in the table.

Edit Vulnerability Status in Bulk

Note that risk accepted vulnerabilities and false positives will not affect the risk meter score (as only open vulnerabilities are counted). Assigning vulnerabilities with one of these new statuses ensures that your score is only affected by active, open vulnerabilities.

New! “Found” Date Display:

Let’s say that you wanted to know when your risk-accepted vulnerabilities were originally discovered. Simply filter your view by risk-accepted, and then select to display the “Found” date by using the Display dropdown.

Including the Found On Date in Vulnerability Details

Now let’s say that you wanted to track and manage the vulnerabilities that have been Risk Accepted. Select the Export this View dropdown, and a CSV export of your risk-accepted vulns will appear, including the Found date (also New!).

XML Report with Found On Date

Displaying and reporting on the date found tells your team how much time has passed since discovery, and gives you another factor for prioritization decisions: the age of the vulnerability.

Filter by Port:

You can also now filter your vulnerabilities by the port(s) on which they were discovered. Select the port(s) of interest in the Vulnerability Filters sidebar, and right away the table will filter out the vulnerabilities unassociated with those port(s).

Port Filter

Give these new vulnerability features a spin by heading over to your Risk I/O instance. We think you’ll appreciate the time saved parsing through your vulnerability data and the peace of mind that comes with improving your full picture of risk. And if you don’t already have a Risk I/O account, you can create one for free.
