Kaspersky Anti Targeted Attack Platform

Viewing the risk table

The risk table is displayed in the Risks and anomalies section of the application web interface window.

Risk settings are displayed in the following columns of the table:

  • Category.

    The name of the risk category.

  • Name.

    Risk name. For a risk of the Vulnerability category, the CVE ID of the detected vulnerability is used (if there is no CVE ID, an ID obtained from other public resources with vulnerability descriptions is displayed).

  • CVE.

    For risks of the Vulnerability category: CVE ID of the detected vulnerability.

  • BDU.

    For risks of the Vulnerability category: ID of the vulnerability in the BDU database. If multiple vulnerabilities with different BDU IDs correspond to one vulnerability with a CVE ID, the column lists all such IDs.

  • Risk ID.

    Unique ID of the risk.

  • Score.

    The calculated risk score. This numerical value determines the severity level of the risk. Depending on the severity level, the score can be displayed in one of the following colors:

    • Red for a High severity risk.
    • Yellow for a Medium severity risk.
    • Blue for a Low severity risk.

    For Active risks, the color of the score is bright. For Remediated or Accepted risks, the color of the score is faint.

    In the details area, this setting is called Base score.

  • Side 1.

    Address information of one of the sides of the network interaction (indicated for some types of risks). The display of MAC and IP addresses can be turned on and off separately. If extra address spaces have been added in the application, you can enable or disable the display of address space names with the Show address spaces setting when configuring the risk table.

  • Side 2.

    Address information of the other side of the network interaction (indicated for some types of risks). The display of address information can be configured in the same way as for the Side 1 column.

  • Device group.

    Name of the group in which the device with the detected risk is placed (contains the name of the group itself and the names of all its parent groups).

  • Device.

    Name and address of the device.

  • Source.

    For risks of the Vulnerability category: the name of the source from which the information was uploaded into the database of known vulnerabilities. In the details area, this setting is called Source of vulnerability.

  • Status.

    Current risk status. The following statuses are possible:

    • The Active status is assigned by default when the risk is first detected (as well as upon repeated detection if the risk had been assigned the Remediated status). You can also manually assign the Active status to a risk if its current status is Accepted.
    • The Remediated status is automatically assigned if the conditions for detecting the risk are no longer satisfied.
    • The Accepted status is assigned to a risk manually if the risk is assessed as insignificant or if the undertaken remediation actions did not result in the automatic assignment of the Remediated status.

  • Detected at.

    Date and time when the risk was detected.

  • Last status change.

    Date and time of the last risk status change.

  • Matched CPE.

    For risks of the Vulnerability category: device descriptions stored in the database of known vulnerabilities. Descriptions that match the device information from the table of devices are listed here.

When viewing the risk table, you can configure the table, filter, search, and sort risks, as well as navigate to related items.