Vulnerability Management

Common Vulnerabilities and Exposures (CVEs) in your environment can greatly increase risks to your business. Panoptica's Vulnerability Management solution takes the security findings and vulnerabilities found during our CVE scans, and filters them through our prioritization engine—giving you the context you need to understand and prioritize the most urgent threats to your resources.

Panoptica's agentless scanning process takes snapshots of running instances and container images, and mounts those snapshots to scan them for any CVEs and malware findings. Panoptica can also integrate CVE findings from third-party tools, providing the same level of prioritization on both sets, thanks to our graph-based technology.

Go to the Vulnerability Management tab under Threats and Vulnerabilities in the Panoptica console UI to view all of the CVEs Panoptica has identified in your environment.

Filter and Search

Use the Top Bar Filter to narrow down the findings across the platform by Scope and Account, using the drop-down lists at the top. You can also select the time frame during which the CVE was last observed, from "Last 24 Hours" to "Last Month".

Fig 1. Top Bar Filter

You can further refine the results using predefined filters and open search.

  • Use the drop-down Filters option to narrow the results by: CVE Source, CVSS Severity, CVE Risks, Asset Risks, Assets Resource Type, Assets Service Type, Assets Region, Asset Name, CVE ID, or whether it's Prioritized.
  • Use the Search bar to look for a text string from a CVE's name or description. To clear the search, click the ×.

Status Dashboard

The CVE Status dashboard is made up of three widgets that bubble up the most essential data regarding the vulnerabilities Panoptica has discovered, helping you focus on the CVEs that matter most.

  • The Top Unpatched Vulnerabilities widget lists the most critical security vulnerabilities that require patching. These are vulnerabilities that are known to be exploited by attackers, who could potentially use them to gain access to your systems and data.
    The number beside each CVE indicates the number of assets affected by that vulnerability. Click on the CVE ID to filter all data by that vulnerability.
  • The Top Unpatched Workloads widget lists the workloads with the most security vulnerabilities that require patching.
    The number beside each workload indicates the number of CVEs that have been detected in that workload. Click on the Asset Name to filter all data by the specific workload.
  • The Severity Breakdown widget presents vulnerabilities according to severity in two ways: the daily trend, and the cumulative total over time. Severity levels range from Critical (red) to Informational (gray).
    • The graph displays a daily count of vulnerabilities discovered in your environment. Hover over the graph to view the number of CVEs in each severity level on any given day.
    • The chart below the graph summarizes the Total number of CVEs discovered over the entire period displayed. The Trend column displays the percentage change in the number of vulnerabilities discovered since the previous day, with the arrows showing the trend: green indicates fewer discoveries; red indicates more.
      Click on any item in the Type column to filter all data by that severity level.

Vulnerabilities Table

Below the widgets, Panoptica lists all of the CVEs it has identified in your environment, filtered according to your settings. The table can be sorted by: CVE ID, Severity, CVSS, CVE Risks (publicly exposed and/or known exploits), whether it is Prioritized, the number of Assets, whether there is a Fix available, or when it was Last Seen.

  • Select which columns are displayed by clicking the Columns button in the upper right.
  • The list of CVEs can be downloaded in CSV format, for further review and analysis using Excel or any similar tool.
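
One way to triage the downloaded CSV outside the console, as an added example that is not Panoptica's own code. The column headers are assumed to match the table columns named above, and the cell values (Yes/No, the risk labels, the CVE IDs) are constructed; adjust them to the headers in your actual export.

```python
import csv
import io

# Constructed sample export. The headers mirror the table columns named on this
# page; the real export's headers and value formats are assumptions here.
SAMPLE_EXPORT = """CVE ID,Severity,CVSS,CVE Risks,Prioritized,Assets,Fix,Last Seen
CVE-0000-0001,Critical,9.8,Known Exploits,Yes,12,Yes,2024-01-10
CVE-0000-0002,High,8.1,Publicly Exposed;Known Exploits,Yes,3,Yes,2024-01-11
CVE-0000-0003,Critical,9.1,,No,40,No,2024-01-09
CVE-0000-0004,Medium,,Publicly Exposed,No,7,Yes,2024-01-11
CVE-0000-0005,High,7.5,Known Exploits,No,2,Yes,2024-01-08
"""

def _yes(value):
    return value.strip().lower() in {"yes", "true", "1"}

def _num(value):
    # Blank or malformed numeric cells sort last instead of raising.
    try:
        return float(value)
    except (TypeError, ValueError):
        return 0.0

def triage(csv_text):
    """Order rows for patching: prioritized, exploited, exposed, then CVSS and asset count."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))

    def key(row):
        risks = (row.get("CVE Risks") or "").lower()
        return (
            not _yes(row.get("Prioritized") or ""),   # prioritized findings first
            "known exploit" not in risks,             # then known exploits
            "publicly exposed" not in risks,          # then public exposure
            -_num(row.get("CVSS")),                   # then highest CVSS
            -_num(row.get("Assets")),                 # then widest footprint
        )

    return sorted(rows, key=key)

def patchable_now(csv_text):
    """CVE IDs, in triage order, that have a fix available."""
    return [r["CVE ID"] for r in triage(csv_text) if _yes(r.get("Fix") or "")]

if __name__ == "__main__":
    for row in triage(SAMPLE_EXPORT):
        print(row["CVE ID"], row["Severity"], row["CVSS"] or "n/a", row["CVE Risks"] or "-")
```

In the sample, the Critical 9.1 finding on 40 assets ranks last because it is neither prioritized, exploited, nor exposed, which is the difference between context-based ordering and sorting on CVSS alone.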

Click the three dots (•••) at the end of each line to open a drop-down list of actions you can perform on that CVE.

  • To share information about this vulnerability, click Share Link to copy the URL.
  • To open a ticket in whichever task management tool you have configured in Panoptica, click Create a Ticket.

CVE Details

Click on any row in the table to pop up additional information about that vulnerability in a side window.

The buttons at the top of the pop-up window enable specific actions on that asset:

  • Click Copy Link to retrieve a URL of the full asset page.
  • Click Create Ticket to open a task in whichever task management tool you have configured in Panoptica: Atlassian Jira or ServiceNow.

The default Details tab provides much of the same information available in the Vulnerabilities Table, in addition to:

  • CVE Overview - a detailed description of the vulnerability's traits
  • Cisco Vulnerability Management score - Cisco Vulnerability Management factors both internal and external variables into a predictive model to calculate risk scores for each vulnerability. Formerly known as Kenna.VM, the Cisco Security Risk Score helps Cisco customers with an SBG hybrid suite license prioritize their remediation efforts.
  • Packages - where the CVE was found in your resources
  • First seen - when it was first observed in your environment
  • OWASP and SANS results, if relevant
  • References - public resources, to learn more about this CVE

Assets Tab

Click Assets in the pop-up side window to view the list of assets in which this CVE was found.

The list of assets can be filtered by any column in the table: Service Category, Asset Name, Account.

Click any Asset Name to open the Asset Details sideview window from Panoptica's Cloud Inventory feature. This enables you to dive deeper into the asset properties, source, health score, and more.

Click Show in Cloud Inventory at the bottom of the screen to open the Cloud Inventory tab filtered for these assets in a new browser tab.