- 20 Mar 2023
- Updated on 20 Mar 2023
Use the Vulnerability Management Module to see a consolidated view of all the vulnerabilities in the organization, from all sources. The Vulnerabilities page delivers increased visibility into cybersecurity vulnerabilities. It helps security, IT, and risk teams identify vulnerabilities across fleets of devices, enabling them to prioritize vulnerabilities based on asset criticality, potential impact, and recognized threats.
A vulnerability is a software defect that could allow hackers to gain control of a system. Axonius presents vulnerabilities as defined by the Common Vulnerabilities and Exposures (CVE) list. Axonius discovers vulnerabilities by extracting CVE information fetched from adapters.
Some adapters, such as Tenable.sc, require you to select the Fetch Vulnerabilities option before you can view their vulnerability information in the Vulnerability Management Module.
Click the Vulnerabilities icon to open the Vulnerabilities page.
Use Vulnerabilities to see the aggregated vulnerability data.
Vulnerability data is presented by a vulnerability ID in the Vuln ID column. It can be presented either by a CVE ID or by a vulnerability identifier provided by some adapters.
When vulnerability information appears with a CVE ID, then this vulnerability is a CVE type. Click the CVE ID link to learn more about the vulnerability and how to remediate it.
When vulnerability identifier information that isn't a CVE type is fetched from an adapter, such as from a Tenable adapter, the vulnerability information appears with an ID without a CVE prefix. When a link is available for a specific vulnerability identifier, you can click it to learn more about the vulnerability and how to remediate it.
For supported adapters that fetch "non-CVE" vulnerability identifier information:
- A prefix of the adapter appears before the value displayed in the Vuln ID column.
- An optional Is CVE column displays ‘No’ for non-CVE vulnerabilities and ‘Yes’ for CVE vulnerabilities.
You can add the CWE ID column to view corresponding vulnerabilities appearing in the Common Weakness Enumeration (CWE) list. Click a specific CWE ID link to learn more about the vulnerability and how to remediate it.
The Adapter Connections column shows which adapter source the vulnerabilities originate from. The Device Count shows the number of devices affected by this vulnerability. When you click Device Count, the Devices page opens with the devices affected by this vulnerability.
The Vulnerabilities module uses the Axonius Static Analysis adapter to fetch software vulnerability details, as defined in the NIST NVD database.
In addition, Axonius enriches vulnerability information from your connected adapters with additional details from the CISA Known Exploited Vulnerabilities (KEV) Catalog. This is indicated in the Vulnerabilities module by the CISA logo. When relevant, the CISA fields and information are available for viewing and querying in the Vulnerabilities module and Devices module.
Only CVEs that are part of the CISA KEV Catalog will be enhanced.
Click the arrow next to any of the fields to see more details about that field, including which adapter connection obtained the information. Not all fields are displayed by default. Use Edit Columns to add or remove columns. Refer to Setting Page Columns Display.
CVE Vector Information
You can view CVE Vector information by adding the fields to the Vulnerabilities page.
The following fields are available:
| Vector | Available in CVSS Version | Notes |
| --- | --- | --- |
| CVE Vector: Access Complexity | 2.X | Describes whether the access complexity is low, medium, or high |
| CVE Vector: Access Vector | 2.X | Describes whether the Access Vector is local or on a network |
| CVE Vector: Attack Complexity | 3.X | |
| CVE Vector: Attack Vector | 3.X | |
| CVE Vector: Authentication | 2.0 | Returns None if no CVE Vector Authentication exists |
| CVE Vector: Availability | | |
| CVE Vector: Confidentiality | | |
| CVE Vector: Integrity | | |
| CVE Vector: Privileges Required | 3.X | Reports whether privileges are required, and what level, if known |
| CVE Vector: Scope | 3.X | |
| CVE Vector: User Interaction | 3.X | |
| CVE Vector: Version | 3.1, 3.0, 2.0 | |
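To show how these fields relate to a CVSS vector string, the following added example (not Axonius code) parses a CVSS 2.0, 3.0 or 3.1 base vector into the field names used in the table. The mapping of metric abbreviations to those field names comes from the CVSS specifications and is assumed, not confirmed by this page, to match how Axonius populates the fields; the sample vectors are constructed.

```python
# Added example, not Axonius code. Field names follow the table above; metric
# abbreviations and values are from the CVSS v2/v3 specs (mapping is assumed).
V2 = {
    "AV": ("Access Vector", {"L": "Local", "A": "Adjacent Network", "N": "Network"}),
    "AC": ("Access Complexity", {"H": "High", "M": "Medium", "L": "Low"}),
    "Au": ("Authentication", {"M": "Multiple", "S": "Single", "N": "None"}),
}
V2_CIA = {"N": "None", "P": "Partial", "C": "Complete"}
V3 = {
    "AV": ("Attack Vector", {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"}),
    "AC": ("Attack Complexity", {"L": "Low", "H": "High"}),
    "PR": ("Privileges Required", {"N": "None", "L": "Low", "H": "High"}),
    "UI": ("User Interaction", {"N": "None", "R": "Required"}),
    "S": ("Scope", {"U": "Unchanged", "C": "Changed"}),
}
V3_CIA = {"H": "High", "L": "Low", "N": "None"}
CIA = {"C": "Confidentiality", "I": "Integrity", "A": "Availability"}
# Constructed sample vectors (not taken from any specific CVE record).
SAMPLE_V31 = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
SAMPLE_V2 = "AV:N/AC:M/Au:N/C:P/I:P/A:P"


def parse_cvss_vector(vector):
    """Return {field name: value} for a CVSS 2.0, 3.0 or 3.1 base vector."""
    parts = vector.strip().strip("()").split("/")  # v2 is often parenthesised
    if parts[0].startswith("CVSS:"):
        version = parts.pop(0).split(":", 1)[1]
        if version not in ("3.0", "3.1"):
            raise ValueError(f"unsupported CVSS version: {version}")
        metrics, cia = V3, V3_CIA
    else:
        version, metrics, cia = "2.0", V2, V2_CIA  # v2 vectors carry no prefix
    table = dict(metrics, **{k: (name, cia) for k, name in CIA.items()})
    fields = {"Version": version}
    for part in parts:
        key, sep, value = part.partition(":")
        if not sep or key not in table:
            raise ValueError(f"unknown metric {part!r} for CVSS {version}")
        name, allowed = table[key]
        if value not in allowed:
            raise ValueError(f"invalid value {value!r} for {name}")
        if name in fields:
            raise ValueError(f"duplicate metric {key}")
        fields[name] = allowed[value]
    missing = [n for n, _ in table.values() if n not in fields]
    if missing:
        raise ValueError(f"missing metrics: {', '.join(missing)}")
    return fields
```

A 3.x vector yields no Authentication field and a 2.0 vector yields no Privileges Required, Scope or User Interaction field, which is why those columns can be empty for a given vulnerability.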
Creating Queries on Vulnerabilities
The Query Wizard on the Vulnerabilities page allows you to create a unique set of queries. Vulnerabilities queries are created on two levels. The first level of the query focuses on vulnerability parameters. You can query fields such as the CVSS score, severity, or attack vector. The second level queries devices, such as operating system, installed software, or the last update date. Use these queries to find out which critical vulnerabilities exist and whether they impact critical assets in your environment, or how many vulnerabilities exist and whether they appear on devices that have open ports or a specific patch applied.
To configure the Query Wizard on the Vulnerabilities page
- Build a query on a Vulnerability field on the table, such as CVSS Score.
- Filter the displayed vulnerabilities by a Device query, so that only vulnerabilities on devices in your environment that match the defined Device query are shown, for instance Public IPs exist.
After running the query, the table shows the vulnerabilities queried, filtered by the devices they affect.
For example, show vulnerabilities with a CVSS score over 8, only on devices where the operating system is Windows.
You don't have to fill in the Device section of the query to find vulnerabilities in your environment.
- Click Save As to save the query.
- When you click Saved Queries and open the Queries page, the vulnerabilities queries you created are displayed on the Queries page, filtered by Vulnerabilities.
Refer to Creating Queries with the Queries Wizard to learn more about creating queries.
Exporting Vulnerability Data to CSV
You can export the Vulnerability data to CSV. Refer to Exporting Device and User Data to CSV.
Adding Custom Data to Vulnerabilities
You can add custom fields to one or more Vulnerabilities at the same time.
Select one or more Vulnerabilities and from the Actions menu choose Add Custom Fields.
Refer to Working with Custom Data to learn about adding custom fields.
Adding Tags to Vulnerabilities
Use tags to assign context to your assets for granular filters and queries. Apply new or existing tags to the selected vulnerabilities. The list of selected tags is applied to all selected vulnerabilities. Hence, tagging may result in the removal of existing tags from one or from several of the selected vulnerabilities.
- "New" is displayed when you add new tags.
To add tags
- On the Vulnerabilities page, select one or more checkboxes next to the vulnerabilities that you want to tag. When at least one vulnerability is selected, the Actions menu above the Vulnerabilities table is available.
- From the Actions menu, select Tag. The Tag Vulnerability dialog opens.
- Select an existing tag or add a new tag.
- To add a new tag, enter the tag name and select Add New.
- Click Save. The new tag name is displayed with a label New next to it.
Clearing Tags from Vulnerabilities
You can clear tags from vulnerabilities.
To clear tags from vulnerabilities
- Select one or more vulnerabilities.
- From the Actions menu, select Tag. The Tag Vulnerability page opens.
- The tags on the vulnerabilities are shown as selected.
- Clear the option and click Save. The tags are now removed from the selected vulnerabilities.