Vulnerability Management

Common Vulnerabilities and Exposures (CVEs) in your environment can greatly increase risks to your business. Panoptica's Vulnerability Management solution takes the security findings and vulnerabilities found during our CVE scans, and filters them through our prioritization engine—giving you the context you need to understand and prioritize the most urgent threats to your resources.

Panoptica's agentless scanning process takes snapshots of running instances and container images, and mounts those snapshots to scan them for any CVEs and malware findings. Panoptica can also integrate CVE findings from third-party tools, providing the same level of prioritization on both sets, thanks to our graph-based technology.

Go to the Vulnerability Management tab under Threats and Vulnerabilities to view all of the CVEs Panoptica has identified in your environment.

Filter and Search

Use the Top Bar Filter to narrow down the findings across the platform by Scope, and Account using the drop-down lists at the top. You can also select the time frame during which the CVE was last observed.

Fig 1. Top Bar Filter

Top Bar Filter

You can further refine the results using predefined filters and open search.

  • Use the drop-down Filter option to narrow the results by: CVE Source, CVSS Severity, CVE Risks, Asset Risks, Assets Resource Type, Assets Service Type, Assets Region, Asset Name, CVE ID, or whether it's Prioritized
  • Use the Search bar to look for a text string from a CVE's name or description.
    To clear the search, delete any text in the field and click Search on an empty field.

Status Dashboard

The CVE Status dashboard is made up of three widgets that bubble up the most essential data regarding the vulnerabilities Panoptica has discovered, helping you focus on the CVEs that matter most.

  • The Top Unpatched Vulnerabilities widget lists the most critical security vulnerabilities that require patching. These are vulnerabilities that are known to be exploited by bad attackers, who could potentially use them to gain access to your systems and data.
    The number beside each CVE indicates the sum of assets affected by that vulnerability. Click on the CVE ID to filter all data by that vulnerability.
  • The Top Unpatched Workloads widget lists the workloads with the most security vulnerabilities that require patching.
    The number beside each workload indicates the sum of CVEs that have been detected in that workload. Click on the Asset Name to filter all data by the specific workload.
  • The Severity Breakdown widget presents the trend of vulnerabilities according to severity, over a period of time. The graph displays five levels of severity, from Critical (red) to Informational (gray).
    Below the trend chart is a table summarizing the number of CVEs by severity level. Click on a severity level in the table to filter all data by that severity.

Vulnerabilities Table

Below the widgets, Panoptica lists all of the CVEs Panoptica has identified in your environment, filtered according to your settings. The table can be sorted by: CVE ID, Severity, CVSS, CVE Risks (publicly exposed and/or known exploits), whether it is Prioritized, the number of Assets, whether there is a Fix available, or when it was Last Seen.

  • Select which columns are displayed by clicking the Columns button, in the upper right.
  • The list of CVEs can be downloaded in CSV format, for further review and analysis using Excel or any similar tool.

Click the three dots (•••) at the end of each line to open a drop-down list of actions you can perform on that CVE.

  • To share information about this vulnerability, click Share Link to copy the URL
  • To open a ticket in whichever Task Management you have configured in Panoptica, click Create Ticket

CVE Details

Click on any row in the table to pop up additional information about that vulnerability in a side window.

The buttons at the top of the pop-up window enable specific actions on that asset:

  • Click Copy Link to retrieve a URL of the full asset page
  • Click Create Ticket to open a task in whichever Task Management you have configured in Panoptica: Atlassian Jira or ServiceNow. Once created, you can track the status of the ticket directly from Panoptica.

The default Details tab provides a lot of the same information available in the Vulnerabilities Table, in addition to:

  • CVE Overview - a description of the vulnerability's traits
  • Packages - where the CVE was found
  • First seen - when it was first observed in your environment
  • OWASP and SANS results, if relevant.
  • References - public resources, to learn more about this CVE

Assets Tab

Click Assets in the pop-up side window to view the list of assets in which this CVE was found.

The list of assets can be filtered by any column in the table: Service Category, Asset Name, Account

Click any Asset Name to open the Asset Details sideview window from Panoptica's Cloud Inventory feature. This enables you to dive deeper into the asset properties, source, health score, and more.

Click Show in Cloud Inventory at the bottom of the screen to open the Cloud Inventory tab filtered for these assets in a new browser tab.