The General tab.
The General tab of the Threat object pop-up displays the following fields:
- Type: Type of report that RiskVision imported.
- Subtype: Subtype of report that RiskVision imported.
- Source: Threat feed provider.
- Identifier: ID assigned by the threat intelligence provider.
- Title: Descriptive name of the threat intelligence.
- Description: Summary of the threat intelligence.
- Owner: The person responsible for analyzing or mitigating the threat.
- Reference Count: The number of references for the threat report. The higher the number, the greater the threat.
- Severity: Severity of the threat. You need to manually select this field. Possible values include:
  - Informational (score = 1)
  - Low (score = 2)
  - Medium (score = 3)
  - High (score = 4)
  - Critical (score = 5)
- Likelihood: You need to manually select this field. The Likelihood values are ordered as follows:
  - Unlikely (score = 1)
  - Possible (score = 2)
  - Likely (score = 3)
  - Almost Certain (score = 4)
  - Certain (score = 5)
- Risk: The risk posed by the threat. This is a calculated field and cannot be edited. Calculated Risk = (Severity * Likelihood). Risk values are as follows:
  - Very Low (score 1)
  - Low (score 2 - 5)
  - Medium (score 6 - 11)
  - High (score 12 - 19)
  - Very High (score 20 - 25)
- Risk Rating: The rating assigned to the threat by the feed.
- Risk Score: The threat's quantitative risk score as reported by threat intelligence providers.
- Exploit Rating: The rating assigned to the threat's exploit by the feed. The higher the rating, the more dangerous the threat is.
- Proof of Concept Exploit: Marked True if the threat has exploit code, False if it doesn't.
- Quantity of Proof of Concept Exploits: The number of proof of concept exploits that exist for this threat.
- Weaponized Exploit: Marked True if the exploit has been automated, False if it hasn't.
- Quantity of Weaponized Exploits: The number of weaponized exploits that exist for this threat.
- Exploited in the Wild: Marked True if the threat has been exploited in a real-life setting, False if it hasn't.
- Quantity of Exploits in the Wild: The number of exploits that have been exploited in the wild, not the number of times an exploit has been exploited in the wild.
- Exploitation Consequence: The consequences of the threat's exploit.
- Zero Day/Early Warning: Displays whether or not there is an early warning for this threat.
- Status: Potential values are as follows:
  - New
  - Acknowledged
  - Investigating
  - Ignore
  - Mitigating
  - Mitigated
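
The Risk calculation from the field list above, worked over every Severity/Likelihood pair. This is an added example, not RiskVision code: the function names are hypothetical, and only the labels, scores and ranges come from this page.

```python
# Added example: labels, scores and ranges are copied from the field list above;
# the function names are hypothetical and not part of RiskVision.
SEVERITY = {"Informational": 1, "Low": 2, "Medium": 3, "High": 4, "Critical": 5}
LIKELIHOOD = {"Unlikely": 1, "Possible": 2, "Likely": 3, "Almost Certain": 4, "Certain": 5}
# (lowest score, highest score, label) for the calculated Risk field
RISK_BANDS = [(1, 1, "Very Low"), (2, 5, "Low"), (6, 11, "Medium"),
              (12, 19, "High"), (20, 25, "Very High")]


def risk_score(severity, likelihood):
    """Calculated Risk = Severity * Likelihood; rejects labels not in the lists."""
    if severity not in SEVERITY:
        raise ValueError(f"unknown severity: {severity!r}")
    if likelihood not in LIKELIHOOD:
        raise ValueError(f"unknown likelihood: {likelihood!r}")
    return SEVERITY[severity] * LIKELIHOOD[likelihood]


def risk_band(score):
    """Map a 1-25 score to its Risk label."""
    for low, high, label in RISK_BANDS:
        if low <= score <= high:
            return label
    raise ValueError(f"score out of range: {score}")


def risk_matrix():
    """Full 5x5 grid: {(severity, likelihood): (score, band)}."""
    return {(s, lk): (risk_score(s, lk), risk_band(risk_score(s, lk)))
            for s in SEVERITY for lk in LIKELIHOOD}


def cells_per_band():
    """How many of the 25 severity/likelihood combinations land in each band."""
    counts = {label: 0 for _, _, label in RISK_BANDS}
    for _, band in risk_matrix().values():
        counts[band] += 1
    return counts


if __name__ == "__main__":
    width = max(len(lk) for lk in LIKELIHOOD) + 2
    print(" " * 15 + "".join(lk.ljust(width) for lk in LIKELIHOOD))
    for s in SEVERITY:
        row = "".join(f"{risk_score(s, lk):>2} {risk_band(risk_score(s, lk))}".ljust(width)
                      for lk in LIKELIHOOD)
        print(s.ljust(15) + row)
    print(cells_per_band())
```

Because the score is a product, a Critical threat marked Unlikely scores 5 and is rated Low, and only 3 of the 25 combinations reach Very High.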