Vulnerability Assessment
The Vulnerability Assessment dashboard shows the results of Vulnerability Scans. A Vulnerability Scan scans an asset for a list of known vulnerabilities (or vulns).
Tripwire Anyware VA assigns a Vulnerability Score to each vulnerability, which combines the consequences of a successful exploit, the skill required, and the age of the vulnerability. Each asset has an Asset Score, which is the total of the Vulnerability Scores for the vulns detected on that asset.
|
Note: |
For an overview of how Tripwire Anyware VA works, see Getting Started. |
|---|
Vulnerability Results
By default, the Results tab displays information about all of your vulns, assets, and applications. It has three sections:
- The Overview at the top provides a high-level view of your assets, applications, and vulnerability exposure.
- The Risk Matrix prioritizes detected vulnerabilities based on the skill required to exploit them and the risk (consequences) of a successful exploit.
- The Vulnerability Results table displays detailed information about the selected items. Each row in the table represents a single vulnerability affecting a single application on one or more assets.
You can also use the table at the bottom of the page to investigate specific vulns or assets.
Vulnerability results are updated each time a Vulnerability Scan runs. For information about past scans, click the Scan History tab.
To filter the information on the Vulnerability Results tab
- Search at the top for a specific vulnerability by name or CVE, or search for an asset by name.
- Use the tabs in the Vulnerability Results table to toggle between data related to vulnerabilities, affected assets, or affected applications.
- Use filters in the Vulnerability Results table to further refine the results.
To view detailed information about a vulnerability
- Select the Vulnerability tab in the Vulnerability Results table.
- Use the filters described above to display the vulnerability in the table.
-
Click the vulnerability to see more information about the vulnerability, including mitigation and remediation instructions.
At the bottom, you'll see a list of the assets and applications affected by this vulnerability. Click anywhere on an asset's row to see detailed information about that asset.
To view the vulnerabilities on a specific asset
- Select the Asset tab in the Vulnerability Results table.
- Use the filters described above to display the asset in the Results table.
-
Click the asset to see more information about the asset, including a targeted Risk Matrix for the vulnerabilities on the asset.
At the bottom, you'll see a list of the vulnerabilities detected on this asset. Click anywhere on a row to see detailed information about that vuln.
To view detailed information about an application
- Select the Application tab in the Vulnerability Results table.
- Use the filters described above to display the application in the Results table.
-
Click the application to see more information, including the vulnerabilities associated with the application and the assets on which the application was discovered.
Scan History
The Scan History tab shows the trend of Asset Scores over the last seven days, including the highest overall score and the average score for all assets scanned.
Tripwire Anyware VA assigns a Vulnerability Score to each vulnerability, which combines the consequences of a successful exploit, the skill required, and the age of the vulnerability. Each asset has an Asset Score, which is the total of the Vulnerability Scores for the vulns detected on that asset.
The table at the bottom of the tab lists detailed information about completed Vulnerability Scans. Use the Table Settings to show/hide or filter information in the table.