Viewing the security vulnerabilities listing and details
This topic provides instructions on viewing and filtering the list of security vulnerabilities, and viewing the vulnerability details.
Viewing the list of security vulnerabilities
To view the list of security vulnerabilities, go to Admin > Network Admin > Security Vulnerabilities. By default, security vulnerability importers are sorted by Vendor. To sort on a different column, click the column heading. You can view the vulnerability details by clicking its ID.
You can use the menu options to perform the following tasks:
Menu option | Description |
---|---|
Import | Import one or more security advisories or bulletins obtained from a vendor into TrueSight Network Automation. For details, see Importing-security-vulnerabilities. |
Filter | Filter the list based on a specific criterion. You can filter the list by vendor, ID, title, and/or rule name by using the text area or menu in the corresponding column header. For details, see Filtering the listing of security vulnerabilities. |
Delete | Delete one or more selected vulnerabilities. Each row of the table has a check box on its left for selecting the vulnerability; the check box in the header row selects all rows on the current page. When you delete a vulnerability, you can also delete its associated rule(s), provided that you have the required permission and none of the rules are in use or referenced by other components in Network Automation. After you confirm the deletion, the Security Vulnerability Delete Results window reports the outcome: the Succeeded section lists the vulnerabilities that were deleted, and the Failed section shows the error code and error message for each selected vulnerability that could not be deleted. Filtering in this window matches by substring: items that contain the string are displayed along with items that match it exactly. An asterisk (*) in the search string is treated as a literal character, not as a wildcard. |
Refresh | Refresh the list. |
Use the Actions icons to perform the following actions on a security vulnerability.
Action | Description |
---|---|
Delete | Delete the security vulnerability and, optionally, its associated rule(s). |
Generate Rule | Generate a compliance rule from the security vulnerability. |
Manage Rules | Associate and dissociate compliance rules with the security vulnerability. For details, see Managing compliance rules. |
Expand | Display additional, important characteristics of the vulnerability inline, including the vendor link. The vendor link contains complete information about the security vulnerability provided by the originator. |
Filtering the list of security vulnerabilities
Click the Filter menu option above the security vulnerabilities list to display the filtering options such as Device Type, CVE ID, and Remediation.
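You can use an asterisk (*) as a wildcard character in all text-based fields to specify the filter criterion. (In the Security Vulnerability Delete Results window, by contrast, an asterisk is matched literally.)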
Viewing the details of a security vulnerability
Click the CVE ID of a vulnerability in the ID column to see the details of the vulnerability. The details contain only those fields that the vendor supplies and that the security vulnerability importer understands. The title is the only field that always appears.
Field | Description |
---|---|
Title | A summary of the nature of the security vulnerability |
CVE ID(s) | The Common Vulnerabilities and Exposures (CVE) identifier(s) from the central CVE database |
Base Score | The numerical severity of the issue, ranging from 0.0 to 10.0. When the vendor specifies more than one base score (for example, one base score per CVE ID), this field contains the highest score. |
Version | The latest version of the issue, usually a dot-separated numerical version string (for example, 1.2.3). This field determines if an existing security vulnerability is older than the one being imported. Only newer versions are imported successfully when versions are present. |
Status | The current state of the security vulnerability. The values are vendor-specific. |
Initial Release | The date/time when the security vulnerability was first published by the vendor |
First Imported | The date/time when the security vulnerability was added to Network Automation |
Last Modified at Source | The date/time when the security vulnerability was last updated in the Cisco or NVD repository. |
Last Imported | The date/time when the security vulnerability was last updated in Network Automation |
Associated Rule(s) | The names of any associated compliance rules |
Vendor Links | The links to the vendor's pages containing complete details about the security vulnerability |
Description | Details about the nature of the security vulnerability, its impact, and so on |
Remediation | The steps that can be taken to mitigate, correct, or avoid the security vulnerability |
Device Types | The device type associated with the devices that are running the affected OS version. This field determines whether a vulnerability refers to only one device type or all device types. |
Affected Products | The particular products, models, or operating systems affected by the security vulnerability |
Unenforceable Versions | The operating system(s) that lack any specific version information. A vendor might report a very broad version or a generalized description of an operating system (for example, "all 6509 models"), but such a description cannot be converted into an OS version pattern appropriate for use in a compliance rule, thus making the versions unenforceable. If you have a device described by an unenforceable version, you might manually develop a rule by using the detailed information provided by the vendor on the vendor's link. |
Affected OS Versions | The particular device operating system version(s) that are at risk |
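
The Base Score and Version rules from the table above, sketched as a pre-import check on advisory metadata. This is an added example, not code from TrueSight Network Automation: the function names, the numeric per-component comparison, the trailing-zero handling, the `no-version-check` outcome, and the sample advisories are all assumptions made for illustration.

```python
from typing import Optional, Sequence, Tuple

def parse_version(text: Optional[str]) -> Optional[Tuple[int, ...]]:
    """'1.2.3' -> (1, 2, 3); None if absent or not dot-separated digits."""
    if not text:
        return None
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:  # assumption: 1.2.0 equals 1.2
        nums.pop()
    return tuple(nums)

def is_newer(incoming: Optional[str], existing: Optional[str]) -> Optional[bool]:
    """True/False when both versions parse, None when no comparison is possible."""
    new, old = parse_version(incoming), parse_version(existing)
    if new is None or old is None:
        return None
    return new > old  # numeric per component, so 1.10 is newer than 1.9

def base_score(scores: Sequence[float]) -> Optional[float]:
    """Highest vendor-supplied score; values outside 0.0-10.0 are rejected."""
    if not scores:
        return None
    bad = [s for s in scores if not 0.0 <= s <= 10.0]
    if bad:
        raise ValueError(f"base score out of range: {bad}")
    return max(scores)

def plan_import(existing_version: Optional[str], advisory: dict) -> str:
    """Classify an incoming advisory against the version already stored."""
    newer = is_newer(advisory.get("version"), existing_version)
    if newer is None:
        return "no-version-check"  # assumption: rule applies only when both versions exist
    return "import" if newer else "skip-not-newer"

# Constructed sample advisories (not real vendor data).
SAMPLES = [
    ("1.9", {"id": "ADV-EXAMPLE-1", "version": "1.10", "scores": [5.3, 9.8, 7.5]}),
    ("1.2", {"id": "ADV-EXAMPLE-2", "version": "1.2.0", "scores": [6.1]}),
    (None, {"id": "ADV-EXAMPLE-3", "version": None, "scores": []}),
]

if __name__ == "__main__":
    for stored, adv in SAMPLES:
        print(adv["id"], plan_import(stored, adv), base_score(adv["scores"]))
```

A plain string comparison would rank 1.9 above 1.10, which is why the sketch compares version components numerically.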