An application registered with Cisco Secure Application is scanned and continuously monitored for vulnerabilities. The Vulnerabilities page displays the list of all the scanned vulnerabilities. When vulnerabilities are detected, a user with Configure permission can prioritize them. A few options, such as Set Status and Set Severity, are available only if you have Configure permissions.

By default, this page displays an overview of the selected application. For information about selecting a specific application or service, see Select Application Scope at Monitor Application Security Using Cisco Secure Application. You can also use the Search filter to search based on the Vulnerability, Package Language, CWE, Severity, Application, Tiers, Libraries and Status values.

The Vulnerabilities page includes a Last 1 Week option, which displays data for the last seven days.

The top and bottom panes of the Vulnerabilities page include the following charts:

Vulnerabilities By Severity: This chart represents the total number of vulnerabilities, broken down by severity: Critical, High, Medium, and Low. Hover over a severity to view the number of open vulnerabilities with that severity. To make all the charts in the pane display data for a specific severity only, click that severity on the pie chart. To return to the complete chart, click the same severity again.

Severity Trend: This chart displays the number of open tickets versus the number of fixed tickets over the last 7 days, which shows the trend in fixing open vulnerabilities.

Days Since First Detected: This chart displays the number of days each vulnerability has been open versus the severity of the vulnerability (critical, high, medium, or low).

The vulnerabilities table includes the following columns:

Title: The name of the vulnerability.

ID: The Common Vulnerabilities and Exposures (CVE) identifier. Click the ID to view the details specific to that CVE.

Kenna Score: The Kenna score provides an estimate of exploitation based on real-time events. The three statuses are Green 0-33, Amber 34-66, and Red 67-100.

Reached: The application uses the vulnerable method as part of its code flow. A yellow icon in this column indicates that a vulnerable method is matched.

CVSS Score: This score is based on the Common Vulnerability Scoring System (CVSS) with five severities: None 0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0.

Application: The name of the affected application.

Tier (Nodes): The services or tiers affected by the corresponding vulnerability. The number in parentheses is the number of nodes. Click the flow map icon to view the AppDynamics flow map for that tier. Note that a node count of zero (0) means that the vulnerability is not present in any of your active nodes. AppDynamics does not change the state of a fixed vulnerability to a confirmed vulnerability because that is a user-defined state.

Library: The library that exists in the corresponding application and tier. Click the value in this field to view the list of all vulnerabilities that affect this library.

Last Detected: The time elapsed since the vulnerability was last detected.

Status: The status of the corresponding vulnerability. The status value can be:

    • Detected (at least one vulnerability is detected in the library)
    • Confirmed (the vulnerability is reviewed)
    • Fixed (the vulnerability is fixed)
    • Ignored (not a vulnerability)
    • Not Vulnerable (no vulnerabilities are found in the library)

The Ignored status can be set by a developer with Configure permission for Cisco Secure Application. If you have Configure permissions, select the vulnerabilities using the checkbox, and then set the status by using the Set Status option. Without Configure permission, the Set Status option is unavailable.

View Vulnerability Details

To prioritize vulnerabilities, you may require additional information. Click a vulnerability row to view detailed information about a vulnerability. 

The top and bottom panes of the vulnerability details view display the following fields:

Kenna Score: The Kenna score provides an estimate of exploitation based on real-time events. The three statuses are Green 0-33, Amber 34-66, and Red 67-100.

CVSS Score: This score is based on the Common Vulnerability Scoring System (CVSS) with five severities: None 0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0.

Title: The name of the vulnerability.

ID: The Common Vulnerabilities and Exposures (CVE) identifier. Click the ID to view the details specific to that CVE.

CWE: The Common Weakness Enumeration (CWE) ID for the corresponding vulnerability.

Publish Date: The date on which the vulnerability details were published.

First / Last Seen: When the vulnerability was first detected and when it was last detected.

Type: The vulnerability type.

Remediation: The recommended remediation action. For a vulnerable library, this is the version(s) to which you can upgrade the library to remediate the vulnerability. Click show all <count of versions> to view all the recommended remediation versions.

Overview: An overview of the vulnerability.

Application: The name of the affected application.

Tier (Nodes): The services or tiers affected by the corresponding vulnerability. The number in parentheses is the number of nodes. Click the flow map icon to view the AppDynamics flow map for that tier. Note that a node count of zero (0) means that the vulnerability is not present in any of your active nodes.

Library: The library that exists in the corresponding application and tier. Click the value in this field to view the list of all vulnerabilities that affect this library.

Reached: The application uses the vulnerable method as part of its code flow. A yellow icon in this column indicates that a vulnerable method is matched.

Last Detected: The time elapsed since the vulnerability was last detected.

Status: The status of the selected vulnerability. The status value can be:

  • Detected (at least one vulnerability is detected in the library)
  • Confirmed (the vulnerability is reviewed)
  • Fixed (the vulnerability is fixed)
  • Ignored (not a vulnerability)
  • Not Vulnerable (no vulnerabilities are found in the library)

If you have Configure permissions, select the rows using the checkbox, and then set the status by using the Set Status option. Without Configure permission, the Set Status option is unavailable.

The Detected and Fixed statuses are set automatically based on the libraries used in the application.

Click the Export button to download the table data. The export contains all of the rows, columns, and related data in a .csv file. A separate .json file includes a link to the Cisco Secure Application page the table was exported from, the global filters (if any) applied to the page, and the search filters applied to the columns. These two files are compressed into a .zip file for downloading. The maximum number of rows that can be exported is 10,000. If the table data exceeds 10,000 rows, you can apply filters to narrow your search, or export the first 10,000 results.
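As an added example (not the product's own code or its real export format), the following Python script builds a constructed export archive in the shape this paragraph describes (a .csv of table rows plus a .json record, zipped), reads it back, and ranks the open findings using the Reached flag, the Kenna bands and the CVSS bands from the tables above. The CSV column names, the file names inside the archive, the Yes/No encoding of Reached and the CVE ids are all assumptions.

```python
import csv, io, json, re, zipfile
# Constructed sample export: the page describes a .zip holding a .csv of table rows and a
# .json with the source link and applied filters. Column names and CVE ids are placeholders.
SAMPLE_CSV = """Title,ID,Kenna Score,Reached,CVSS Score,Application,Tier (Nodes),Library,Status
Deserialization flaw,CVE-EXAMPLE-0001,82,Yes,9.8,shop,checkout (3),lib-a:1.2.0,Detected
Path traversal,CVE-EXAMPLE-0002,40,No,7.5,shop,web (2),lib-b:2.0.1,Confirmed
Denial of service,CVE-EXAMPLE-0003,90,Yes,5.3,shop,batch (0),lib-c:0.9.0,Detected
Weak hashing,CVE-EXAMPLE-0004,20,Yes,6.5,shop,web (2),lib-d:3.1.0,Fixed
Open redirect,CVE-EXAMPLE-0005,70,No,4.3,shop,api (1),lib-e:1.0.0,Detected
"""
SAMPLE_META = {"source": "https://example.invalid/vulns", "global_filters": {"application": "shop"}}

def build_export_zip() -> bytes:
    """Assemble the constructed archive in memory: one .csv plus one .json."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("vulnerabilities.csv", SAMPLE_CSV)
        zf.writestr("vulnerabilities.json", json.dumps(SAMPLE_META))
    return buf.getvalue()

def load_export(zip_bytes: bytes):
    """Return (rows, metadata) read from the .csv and .json inside the archive."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        csv_text = zf.read(next(n for n in names if n.endswith(".csv"))).decode()
        meta = json.loads(zf.read(next(n for n in names if n.endswith(".json"))))
    return list(csv.DictReader(io.StringIO(csv_text))), meta

def kenna_band(score: float) -> str:
    """Page's Kenna bands: Green 0-33, Amber 34-66, Red 67-100."""
    return "Red" if score >= 67 else "Amber" if score >= 34 else "Green"

def cvss_severity(score: float) -> str:
    """Page's CVSS bands: None 0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0."""
    bands = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"))
    return next((label for floor, label in bands if score >= floor), "None")

def node_count(tier_field: str) -> int:
    """'checkout (3)' -> 3; the page says a zero count means no active node carries it."""
    m = re.search(r"\((\d+)\)\s*$", tier_field)
    return int(m.group(1)) if m else 0

def triage(rows):
    """Keep Detected/Confirmed rows on active nodes; rank by Reached, Kenna band, then CVSS."""
    rank = {"Green": 0, "Amber": 1, "Red": 2}
    work = [r for r in rows if r["Status"] in ("Detected", "Confirmed") and node_count(r["Tier (Nodes)"]) > 0]
    work.sort(key=lambda r: (r["Reached"] == "Yes", rank[kenna_band(float(r["Kenna Score"]))],
                             float(r["CVSS Score"])), reverse=True)
    return [(r["ID"], r["Reached"], kenna_band(float(r["Kenna Score"])),
             cvss_severity(float(r["CVSS Score"]))) for r in work]
```

Running `triage(load_export(build_export_zip())[0])` drops the Fixed row and the zero-node row, and puts the reached Red finding ahead of the unreached ones regardless of CVSS.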