Viewing the security vulnerabilities listing and details
This topic describes how to view and filter the list of security vulnerabilities and how to view their details.
To view the list of security vulnerabilities
- Navigate to Admin > Network Admin > Security Vulnerabilities.
The Security Vulnerabilities page is displayed.
Perform one of the following tasks by using menu options:
Menu option Description Import Import one or more security advisories or bulletins obtained from a vendor into TrueSight Network Automation. For details, see Importing security vulnerabilities.
Filter Filter the list based on a specific criterion. You can filter the list by vendor, ID, title, and/or rule name by using the text area or menu in the corresponding column header. For details, see Filtering the listing of security vulnerabilities. Delete Delete one or more selected vulnerabilities. Each row of the table has a check box on its left to select the vulnerability for deletion. The check box in the header row selects all rows on the current page. When you try to delete a vulnerability, you are provided with the option to delete the associated rule(s) as well, if you have the required permission and if none of the rules are in use or being referenced by other components in TrueSight Network Automation.
Print View Print the list of security vulnerabilities. Refresh Refresh the list. Help Display help about security vulnerabilities. Perform one of the following actions on a security vulnerability by clicking an icon in the Actions column:
Icon Action Description 
View Display all information about the security vulnerability. For details, see Viewing a security vulnerability. 
Delete Delete the security vulnerability and, optionally, its associated rule(s). 
Generate Rule Generate a compliance rule from the security vulnerability.
When you click this icon, the Add Rule page appears with default selections for the security vulnerability. You must review all the settings for correctness, make all the necessary changes, and fill in the required information. For more information, see Generating compliance rules.
Manage Rules Associate and dissociate compliance rules with the security vulnerability. For details, see Managing compliance rules. 
Expand Display additional, important characteristics of the vulnerability inline, including the vendor link. The vendor link contains complete information about the security vulnerability provided by the originator.
To filter the list of security vulnerabilities
Click the Filter menu option 
above the security vulnerabilities list to display the filtering options, as shown in the following figure:
You can use asterisk (*) as the wildcard character in all text-based fields to specify the filter criterion.
Note
Use the Any Text Content filter to search for a string in any text field. Use this filter when you are not sure how a security vulnerability is organized or where TrueSight Network Automation stores information about a security vulnerability.
To view the details of a security vulnerability
Click the View icon in the Actions column to see the details about a security vulnerability. Only those fields that the vendor supplies and that are understood by the security vulnerability importer are present in the details. Only the title always appears in the details.
| Field | Description |
|---|---|
| Title | A summary of the nature of the security vulnerability |
| CVE ID(s) | The Common Vulnerabilities and Exposures (CVE) identifier(s) from the central CVE database |
| Base Score | The numerical severity of the issue, ranging from 0.0 to 10.0 When the vendor specifies more than one base score (for example, one base score per CVE ID), this field contains the highest score. |
| Version | The latest version of the issue, usually a dot-separated numerical version string (for example, 1.2.3) This field determines if an existing security vulnerability is older than the one being imported. Only newer versions are imported successfully when versions are present. |
| Status | The current state of the security vulnerability The values are vendor-specific. |
| Initial Release | The date/time when the security vulnerability was first published by the vendor |
Created (8.9.02 and earlier versions) First Imported (8.9.03 and later versions) | The date/time when the security vulnerability was added to TrueSight Network Automation |
| Last Modified at Source (8.9.03 and later versions) | The date/time when the security vulnerability was last updated in the Cisco or NVD repository. |
| Last Imported | The date/time when the security vulnerability was last updated in TrueSight Network Automation |
| Associated Rule(s) | The names of any associated compliance rules |
Vendor Link (8.9.02 and earlier versions) Vendor Links (8.9.03 and later versions) | The links to the vendor's pages containing complete details about the security vulnerability |
| Description | Details about the nature of the security vulnerability, its impact, and so on |
| Remediation | The steps that can be taken to mitigate, correct, or avoid the security vulnerability |
| Device Types | The device type associated with the devices that are running the affected OS version This field determines whether a vulnerability refers to only one device type or all device types. |
| Affected Products | The particular products, models, or operating systems affected by the security vulnerability |
| Unenforceable Versions | The operating system(s) that lack any specific version information A vendor might report a very broad version or a generalized description of an operating system (for example, "all 6509 models"), but such a description cannot be converted into an OS version pattern appropriate for use in a compliance rule, thus making the versions unenforceable. If you have a device described by an unenforceable version, you might manually develop a rule by using the detailed information provided by the vendor on the vendor's link. |
| Affected OS Versions | The particular device operating system version(s) that are at risk |
Comments
Log in or register to comment.