Download PDF
Download page Monitor Vulnerabilities.
Monitor Vulnerabilities
An application registered with Cisco Secure Application is scanned and continuously monitored for vulnerabilities. The Vulnerabilities page displays the list of all the scanned vulnerabilities.
When vulnerabilities are detected, a user with Configure permission can prioritize the vulnerabilities and change the status based on the details on this page.
This image shows you the scanned vulnerabilities on the Vulnerabilities page:
By default, this page displays an overview of the selected application. For information about selecting a specific application or service, see Select Application Scope at Monitor Application Security Using Cisco Secure Application.
The top pane includes these charts:
Chart | Description |
---|---|
OPEN | This pie chart represents the total number of open vulnerabilities. Open vulnerabilities are vulnerabilities that currently exist in the runtime application, which are not patched or fixed yet and are not explicitly marked Ignored by the user. The chart displays the number of vulnerabilities based on the following severity:
Hover on the required severity to view the number of open vulnerabilities with that severity. If you require all the charts in the pane to display based on a specific severity, click the severity on the pie chart. To return back to the complete chart, click the same severity again. |
LIFESPAN | This chart displays the number of days the vulnerability is open versus the severity of the vulnerability (critical, high, medium, or low) |
TREND | This chart displays the number of open tickets versus the number of fixed tickets. This shows the trend of fixing the open vulnerabilities. |
The bottom pane includes different fields and corresponding columns that provide details of the vulnerabilities:
- Use the Search filter to search based on the Vulnerability, Package Language, CWE, Severity, Application, Tiers, Existing Libraries and Status values. For more information about the Search filter, see View Data Using Search Filter in Monitor Application Security Using Cisco Secure Application.
- There are few options such as Set Status and Set Severity that are available only if you have the Configure permissions for Cisco Secure Application.
- Click a row to view the vulnerability details for the specific tier.
Name | Description |
---|---|
Vulnerability | The vulnerability name and Common Vulnerabilities and Exposure (CVE) identifier. You can click the name to view the details specific to that CVE. |
CWE | The Common Weakness Enumeration ID for the corresponding vulnerability. |
Package Language | The Application package language. Currently Cisco Secure Application supports only Java and .NET Agents. Therefore the value of this field is Java or .Net. |
Severity | The severity level of the corresponding vulnerability. The warning icon () next to a severity indicates that the exploit is detected in your application. You can click this icon to view the attack details page. The red icon () next to a severity indicates that this exploit is detected somewhere else in the Secure Application network. If you have Configure permission, you can change the severity by selecting the checkbox next to required vulnerabilities, and then click Set Severity to choose the appropriate severity. You can sort this column alphabetically. |
Application | The name of the affected application. |
Tier (Nodes) | The services or the tiers affected because of the corresponding vulnerability. The number in parenthesis indicates the number of nodes. |
Existing Libraries | The libraries that exists in the corresponding application and tier. You can click the value in this field to view the list of all the vulnerabilities that impacts this library in the Libraries detail view. |
First Detected | The time elapsed after the vulnerability was first detected. |
Risk | The risk score of the vulnerability. This helps in prioritizing the affected services. |
Status | The status of the corresponding vulnerability. The status value can be:
The status Ignored can be updated by the developer with Configure permission for Cisco Secure Application. If you have Configure permissions, you can select the vulnerabilities using the checkbox, and then set the status by using the Set Status option. Without Configure permission, the Set Status option is unavailable. |
View Vulnerability Details
To prioritize vulnerabilities, you may require additional information. Click a vulnerability row to view detailed information about a vulnerability. The vulnerability details view is displayed.
The top pane displays the following details:
Field Name | Description |
---|---|
Title | The name of the vulnerability. |
CWE | The Common Weakness Enumeration ID for the corresponding vulnerability. |
Reported Severity | The severity of the vulnerability, which can be critical, high, medium, or low. |
CVSS3 Vector String | The metric values that is used for Common Vulnerability Scoring System (CVSS). |
Description | Details of the vulnerability. |
First/Last seen | The timeframe when the vulnerability was first detected and when the vulnerability was last detected. |
Remediation | The recommended remediation action. In the case of a vulnerable library, the version(s) to upgrade the library for remediation. Click on show all <count of versions> to view all the recommended remediation versions. |
Vulnerability Notes | If you have the Configure permission, you can add the notes under Vulnerability Notes. You can use the copy icon to copy the notes, if required. |
The bottom pane displays the following details:
Field Name | Description |
---|---|
Application | Name of the affected application. |
Tier (Nodes) | The services or the tiers that are affected because of the selected vulnerability. The number indicates the number of affected nodes. |
Severity | The severity of the vulnerability. You can edit the severity if you have Configure permission. |
Existing Libraries | The library affected because of the vulnerability. You can click the library to view the details of the library. See Monitor Libraries. |
Risk | The risk score of the vulnerability. This helps in prioritizing the affected services. A higher risk score indicates that the corresponding library on the corresponding service is at risk. |
First Detected | The time elapsed since the vulnerability is detected. |
Status | The status of the selected vulnerability. The status value can be:
If you have Configure permissions, you can select the rows using the checkbox, and then set the status by using the Set Status option. Without Configure permission, the Set Status option is unavailable. The Discovered and Fixed status are automatically detected based on the libraries used in the application. |
Note | Under Note, if you have the Configure permission, you can select required checkboxes and then use the Note option to add notes. |