Vulnerabilities
  • 01 Dec 2022

Use the Vulnerability Management Module to see a consolidated view of all the vulnerabilities in the organization, from all sources. The Vulnerabilities page delivers increased visibility into cybersecurity vulnerabilities. It helps security, IT, and risk teams identify vulnerabilities across fleets of devices, enabling them to prioritize vulnerabilities based on asset criticality, potential impact, and recognized threats.

A vulnerability is a software defect that could allow hackers to gain control of a system. Axonius presents vulnerabilities as defined by the Common Vulnerabilities and Exposures (CVE) list. Axonius discovers vulnerabilities by extracting CVE information fetched from adapters.

Click the Vulnerabilities icon to open the Vulnerabilities page.

Use Vulnerabilities to see the aggregated vulnerability data.

Vulnerability data is presented by a vulnerability ID in the Vuln ID column. It can be presented either by a CVE ID or by a Vulnerability ID.

  • CVE ID - When vulnerability information appears with a CVE ID, then this vulnerability is a CVE type. Click the CVE ID link to learn more about the vulnerability and how to remediate it.
  • Vuln ID - Vulnerability information appears with an ID without a CVE prefix. This means that the vulnerability isn't a CVE type and the vulnerability information is presented without the CVE enrichment information.

You can add the CWE ID column to view corresponding vulnerabilities appearing in the Common Weakness Enumeration (CWE) list. Click a specific CWE ID link to learn more about the vulnerability and how to remediate it.

The Adapter Connections column shows which adapter source the vulnerabilities come from. The Device Count shows the number of devices affected by this vulnerability. When you click on Device Count, the Devices page opens with the devices affected by this vulnerability.

The Vulnerabilities module uses the Axonius Static Analysis adapter to fetch software vulnerability details, as defined in the NIST NVD database.

In addition, Axonius enriches vulnerability information from your connected adapters with additional details from the CISA Known Exploited Vulnerabilities (KEV) Catalog. This is indicated in the Vulnerabilities module by the CISA logo. When relevant, the CISA fields and information are available for viewing and querying in the Vulnerabilities module and Devices module.

Note:

Only CVEs that are part of the CISA KEV Catalog will be enhanced.

Click the arrow next to any of the fields to see more details about that field, including which adapter connection obtained the information. Not all fields are displayed by default. Use Edit Columns to add or remove columns. Refer to Setting Page Columns Display.

CVE Vector Information

You can view CVE Vector information by adding the fields to the Vulnerabilities page.

The following fields are available:

| Vector | Available in CVSS Version | Notes |
|---|---|---|
| CVE Vector: Access Complexity | 2.X | Describes whether the access complexity is low, medium, or high |
| CVE Vector: Access Vector | 2.X | Describes whether the Access Vector is local or on a network |
| CVE Vector: Attack Complexity | 3.X | |
| CVE Vector: Attack Vector | 3.X | |
| CVE Vector: Authentication | 2.0 | Returns None if no CVE Vector Authentication exists |
| CVE Vector: Availability | | |
| CVE Vector: Confidentiality | | |
| CVE Vector: Integrity | | |
| CVE Vector: Privileges Required | 3.X | Reports whether privileges are required, and what level, if known |
| CVE Vector: Scope | 3.X | |
| CVE Vector: User Interaction | 3.X | |
| CVE Vector: Version | 3.1, 3.0, 2.0 | |


Creating Queries on Vulnerabilities

The Query Wizard on the Vulnerabilities page allows you to create a unique set of queries. Vulnerabilities queries are created on two levels. The first level of the query focuses on vulnerability parameters. You can query fields such as the CVSS score, severity, or attack vector. The second level queries device properties, such as operating system, installed software, or the last update date. Use these queries to find out which critical vulnerabilities exist and whether they impact critical assets in your environment. You can also find out how many vulnerabilities exist and whether they appear on devices that have open ports or a specific patch applied.
To configure the Query Wizard on the Vulnerabilities page

  1. Build a query on a Vulnerability field on the table, such as CVSS Score.
  2. Filter the displayed vulnerabilities with a Device query, so that only the vulnerabilities on devices in your environment that match that query are shown, for instance Public IPs exist.

After running the query, the table shows the vulnerabilities queried, filtered by the devices they affect.
For example, show vulnerabilities with the CVSS score over 8, only on devices where the operating system is Windows.

Note:

You don't have to fill in the Device section of the query to find vulnerabilities in your environment.

Saving Queries

  • Click Save As to save the query.
  • When you click Saved Queries and open the Queries page, the vulnerabilities queries you created are displayed on the Queries page, filtered by Vulnerabilities.

Refer to Creating Queries with the Queries Wizard to learn more about creating queries.


Exporting Vulnerability Data to CSV

You can export the Vulnerability data to CSV. Refer to Exporting Device and User Data to CSV.


Adding Tags to Vulnerabilities

Use tags to assign context to your assets for granular filters and queries. Apply new or existing tags to the selected vulnerabilities. The list of selected tags is applied to all selected vulnerabilities. Hence, tagging may result in the removal of existing tags from one or from several of the selected vulnerabilities.

  • "New" is displayed when you add new tags.

To add tags

  1. On the Vulnerabilities page, select one or more checkboxes next to the vulnerabilities that you want to tag. When at least one vulnerability is selected, the Actions menu above the Vulnerabilities table is available.

  2. From the Actions menu, select Tag. The Tag Vulnerability dialog opens.

  3. Select an existing tag or add a new tag.

  4. To add a new tag, enter the tag name and select Add New.

  5. Click Save. The new tag name is displayed with a label New next to it.

Clearing Tags from Vulnerabilities

You can clear tags from vulnerabilities.
To clear tags from vulnerabilities

  1. Select one or more vulnerabilities.
  2. From the Actions menu, select Tag. The Tag Vulnerability page opens.
  3. The tags on the vulnerabilities are shown as selected.

  4. Clear the option and click Save. The tags are now removed from the selected vulnerabilities.


