To assign vulnerabilities to RiskVision objects, such as entities, tickets, controls and subcontrols, select the vulnerabilities by entering the search criteria. The Select Vulnerabilities interface has search elements with a text box or a check box that you can choose to narrow search results.
| Search Element | Description |
|---|---|
| Title | Input the title text to search for vulnerabilities. |
| Identifier | Input the alphanumeric character to search for vulnerabilities. |
| Description | Input the vulnerability description to search for vulnerabilities. |
| Severity | Search for vulnerabilities based on their severity, such as low, medium, or high. Specify the complete string to search vulnerabilities based on the severity. For example, "med" will not return any results. |
| Source | Search for vulnerabilities based on their source, such as NVDB or Nessus. |
| Secondary Source | Search for vulnerabilities based on a secondary source, such as a scanner. |
| Technology | Search for vulnerabilities that are associated with a technology, such as Microsoft, Symantec, or Oracle. |
| Patch Name | Search for resolved vulnerability instances for which a patch has been applied. |
| CWE | Input the CWE value to search for vulnerabilities. |
| Other Identifiers | Search for vulnerabilities identified from a vulnerability database other than NVDB, such as MLIST or Security Focus. |
| CVSS Score less than | Search for vulnerabilities with a CVSS score less than a specified value. |
| CVSS Score greater than | Search for vulnerabilities with a CVSS score greater than a specified value. Use CVSS Score less than and greater than to find vulnerabilities between a score range. |
| Published between | Search for NVDB vulnerabilities and user-created vulnerabilities published between a specified period of time. |
| Modified between | Search for vulnerabilities modified between a specified period of time. |
To assign a vulnerability:
Follow with the navigation in the following table for the desired object type:
Object Navigation Entity Go to Entities > Entities, then select an entity to open. Click the Vulnerabilities List tab > Assign. Control and Subcontrol Go to Content > Controls and Questionnaires, then click a control or subcontrol to open. Click the References tab > More Actions > Map to Vulnerability. Ticket Go to Home > Tickets, then click a ticket to open. Click Linked To > Vulnerabilities tab > Assign. Technology Open RiskVision Threat and Vulnerability Manager. Go to Vulnerabilities > All Technologies, then click a technology to open. Click Vulnerabilities > Link to Existing Vulnerabilities. Chart Go to Analytics > Charts. Click a chart. Go to the Filters tab, then click +. Search for vulnerabilities. Click Select Search Criteria and select search elements, or click the Published between or Modified between checkbox to select a date range. Click Search.
Searching for elements in the Select Vulnerabilities dialog.
Search results are returned using:
- The "AND" operator - If the search criteria is applied to the different search elements.
- The "Contains" operator - If the input text is entered for a single search element.
- The "Or" operator - If the search criteria is a comma separated value for the Identifier search element.
- Select the check box next to the vulnerability, then use the right arrow to move the vulnerability into vulnerabilities to assign pane, and then click OK. To remove the selection, use the left arrow.
