A vulnerability A known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. is a weakness in your system, which reduces your system's information assurance. USM Anywhere helps you to define, identify, classify, and prioritize the vulnerabilities in your system.
USM Anywhere provides a centralized view of your vulnerabilities. Go to Environment > Vulnerabilities.
The vulnerabilities page displays information on vulnerabilities. On the left you can find the search and filters options. In the upper side of the page, you can see any filters you have applied, and you have the option to create and select different views of the vulnerabilities. The main part of the page is the actual list of vulnerabilities. Each row describes an individual vulnerability.
If you want to analyze the data, you can maximize the screen and hide the filter pane. Click the icon to hide the filter pane. Click the icon to expand the filter pane.
|Column Field Name||Description|
|Last Seen||Last date on which the vulnerability was seen in the asset. The displayed date depends on your computer's time zone.|
|Vulnerability ID||Displays the associated Common Vulnerabilities and Exposures (CVE The CVE system provides a method, using CVE IDs, to reference publicly known information security vulnerability and exposures in publicly released software packages and environments.) ID, in case of having it.|
Displays the name of the vulnerability.
|Labels||Label applied to the vulnerability. See Labeling the Vulnerabilities for more information.|
|Asset||This is the asset that is vulnerable.|
Indicates the severity of the vulnerability. Values are High, Medium, Low, and Under Analysis. See About Vulnerability Severity.
|Score||Displays the score in the Common Vulnerability Scoring System (CVSS Open framework for communicating the characteristics and severity of software vulnerabilities that helps to prioritize actions according to their threat.). See Common Vulnerability Scoring System SIG for more information.|
|First Seen||Detection date of the vulnerability in the asset. The displayed date depends on your computer's time zone.|
From the list of vulnerabilities, you can click any individual vulnerability row to display more information on the selected vulnerability. See Viewing Vulnerabilities Details for more information.
To select a vulnerability, select the check-box to the left of the vulnerability. You can select all vulnerabilities at the same time by selecting the first checkbox in the column. These buttons display when you select a vulnerability:
- Apply Labels: You can add a label to a vulnerability, which enables you to have classified vulnerabilities. See Labeling the Vulnerabilities for more information.
- New Scan: This button runs a new scan. See Performing Vulnerability Scans for more information.
- Add to current filter: Use this option to add the asset name as a search filter. See Searching Events for more information.
- Find in events: Use this option to execute a search of the asset name in the Events page. See Searching Events for more information.
- Look up in OTX: This option searches the IP address of the asset in the OTX page. See Using OTX in USM Anywhere for more information.
- Full Details: See Viewing Assets Details for more information.
- Configure Asset: See Editing Assets for more information.
- Configure Asset Group: See Configuring an Asset Group for more information.
- Delete Asset: See Deleting the Assets for more information.
- Delete Asset Group: See Deleting an Asset Group for more information.
- Asset Scan: This option displays depending on the USM Anywhere Sensor associated with the asset. See Running Asset Scans for more information.
- Assign Credentials: See Managing Credentials in USM Anywhere for more information.
- Authenticated Scan Authenticated scans are performed from inside the machine using a user account with appropriate privileges.: This option displays depending on the USM Anywhere Sensor associated with the asset. See Running Authenticated Asset Scans for more information.
- Configuration Issues An identified configuration of software that is deployed, or features of software that is in use, which is known to be insecure.: This option goes to the Asset
sDetails page. The Configuration Issues tab is selected in the page. See Viewing Assets Details for more information.
- Vulnerabilities: This option goes to the Asset
sDetails page. The Vulnerabilities tab is selected in the page. See Viewing Assets Details for more information.
- Alarms: This option goes to the Asset
sDetails page. The Alarms tab is selected in the page. See Viewing Assets Details for more information.
- Events Any traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall.: This option goes to the Asset
sDetails page. The Events tab is selected in the page. See Viewing Assets Details for more information.
You can choose the number of items to display by selecting 20, 50, or 100 below the table.
Click Generate Report button to open the Configure Report dialog box. See Create a Vulnerabilities Report for more information.
Click the icon to bookmark an item for quick access. Clicking the icon on the secondary menu shows the bookmarked items and provides links to them.
To create a view configuration
From the Vulnerabilities list view, select the filters you want to apply.
- Select Save View > Save as.
- Enter a name for the view.
- Select Share View if you want to share your view with other users.
- Click Save.
The created view is already selected.
To select a configured view
- From the
Vulnerabilitieslist view, click View above the filters.
- Click Saved views and select the view you want to see.
- Click Apply.
Note: A shared view includes the icon next to its name.
To delete a configured view
- From the
Vulnerabilitieslist view, click View above the filters.
- Click Saved views and click the icon next to the saved view you want to delete.
- Click Accept.
A dialog box displays to confirm the deletion.
Note: You can delete the views you have created.
Important: The icon does not display if the view is selected.
Vulnerabilities from Assets Main Page
To explore vulnerabilities from assets
- Go to Environment > Assets.
- Click the filter Has Vulnerabilities.
- Next to the asset name that you want to explore,
Click the icon and select Vulnerabilities.
- Click the vulnerability you want to explore.
- (Optional.) Click the star symbol to the left of the vulnerability name to mark it for quick access. Clicking the icon on the secondary menu shows the bookmarked items and a link to it.
The asset details page opens with the list of vulnerabilities.