sevco.io

Live Vulnerabilities Overview

Overview

Sevco’s Unified Vulnerability Inventory gives you a single place to view your software vulnerabilities and prioritize them by risk. First, we aggregate vulnerabilities from sources like your EDR, IAM, and patch management solutions. Next, we add them to our Asset Graph to contextualize them in your asset environment, and enrich them with the latest threat and exploit intelligence. This allows you to quickly identify the vulnerabilities that pose the highest risk to your IT environment and take steps to mitigate them.

Vulnerabilities Live Inventory

The Vulnerabilities Live Inventory page provides an aggregated view of all the software vulnerabilities identified in your environment by your Source integrations. This page functions very similarly to other Live Inventory pages in the Sevco platform. It can be used to view information about software vulnerabilities such as CVSS and EPSS scores, associated CVEs, KEV status, and impacted devices. The page also offers filtering and querying features that can be used to search for software vulnerabilities based on criteria specified by the user.

We recommend using this page to:

  • Assess the current state of vulnerabilities across your software environment
  • Track software vulnerabilities by severity, impacted systems, exploit availability, or business-critical assets to better focus your remediation efforts on vulnerabilities that pose the highest risk to business operations
  • Identify software requiring patches or updates and streamline your workflow by prioritizing systems based on software vulnerability severity and exploit likelihood
  • Enrich your automated actions by sending information about critical assets impacted by software vulnerabilities to platforms like Jira or ServiceNow
Vulnerabilities Inventory page

Accessing the Page

You can access this page by selecting the Live Inventory icon on the Navigation bar and selecting Vulnerabilities from the dropdown.

Pointing to the Vulnerabilities link on the Navbar

Vulnerability Inventory Totals

In the top-left corner of the Live Inventory page, you will notice that there are two totals listed for your unified vulnerabilities. The top number represents the total number of distinct vulnerabilities while the bottom number represents the total number of vulnerability instances.

  • Distinct Vulnerabilities – A distinct vulnerability identifies a single vulnerability present in your environment. Each distinct vulnerability is only counted once and is included in the Vulnerability Inventory List.
  • Vulnerability Instances – A vulnerability instance is an instance of a distinct vulnerability being present in your environment. Each instance of a distinct vulnerability is factored into the total vulnerability-instances count, resulting in a total that is often much higher than the distinct-vulnerability total.
Total count of distinct vulnerabilities and vulnerability instances

Vulnerability Inventory List

The Inventory List provides a real-time snapshot of all the software vulnerabilities reported by your Source integrations. Each row represents a unique software vulnerability identified in your environment.

An overview of your vulnerability prioritization metrics is displayed in the columns. This includes:

  • Overall severity score
  • CVSS score and EPSS probability
  • Known Exploited Vulnerability (KEV) status
  • Associated CVE
  • Number of devices impacted by the vulnerability
Highlighting Inventory List columns

The heat map on the right indicates whether or not a Source integration has detected a software vulnerability:

  • Blue means the Source has detected it
  • Black means the Source has not detected it
Example of Inventory heat map
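
As an added example (not Sevco's code or API), the sketch below shows how findings reported by several Sources collapse into the distinct-vulnerability total, the instance total, the devices-impacted count, and the per-Source heat map described above. It assumes an instance is one unique vulnerability-device pair; the record fields, source names, and CVE ids are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample findings. Field names and source names are hypothetical
# (not Sevco's schema); the CVE ids are placeholders, not real identifiers.
SOURCES = ["edr", "patch", "iam"]
FINDINGS = [
    {"source": "edr",   "cve": "CVE-0000-0001",  "device": "srv-01"},
    {"source": "patch", "cve": "CVE-0000-0001",  "device": "srv-01"},  # same instance, second source
    {"source": "edr",   "cve": "CVE-0000-0001",  "device": "wks-07"},
    {"source": "patch", "cve": "CVE-0000-0002",  "device": "srv-01"},
    {"source": "edr",   "cve": "cve-0000-0002 ", "device": "SRV-01"},  # inconsistent formatting
    {"source": "edr",   "cve": "CVE-0000-0003",  "device": "wks-07"},
]


def unify(findings, sources):
    """Return (distinct_total, instance_total, rows) for a list of findings."""
    devices = defaultdict(set)   # vulnerability -> devices it was seen on
    seen_by = defaultdict(set)   # vulnerability -> sources that reported it
    for f in findings:
        # Normalize keys so the same vulnerability/device from two sources
        # is correlated instead of being counted twice.
        cve = f["cve"].strip().upper()
        device = f["device"].strip().lower()
        devices[cve].add(device)
        seen_by[cve].add(f["source"])

    rows = [
        {
            "cve": cve,
            "devices_impacted": len(devices[cve]),
            # True corresponds to a blue heat-map cell, False to a black one.
            "heat_map": {s: s in seen_by[cve] for s in sources},
        }
        for cve in sorted(devices)
    ]
    distinct_total = len(rows)                                  # one row per vulnerability
    instance_total = sum(r["devices_impacted"] for r in rows)   # one per (vuln, device) pair
    return distinct_total, instance_total, rows


if __name__ == "__main__":
    distinct, instances, rows = unify(FINDINGS, SOURCES)
    print(f"{len(FINDINGS)} raw findings -> {distinct} distinct, {instances} instances")
    for row in rows:
        print(row)
```

Six raw findings reduce to three distinct vulnerabilities and four instances here, which is why the instance total is usually the larger of the two numbers.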

Select a row to reveal more information about that software vulnerability:

Example expanded Inventory row
  1. The left column provides more in-depth information about a software vulnerability's CVSS scores as well as its EPSS probability and percentile.
  2. Information about known exploits, their maturity (i.e., Weaponized), and usage is also listed in the left column.
  3. The Tags section allows you to manage what tags are associated with a software vulnerability.
  4. Information about software vulnerabilities is enriched with data from VulnCheck, providing you with a description of the vulnerability and a solution for remediating it.
  5. To view devices impacted by a software vulnerability, select the See affected devices button.
  6. Select the See details button to access a software vulnerability's Vulnerability Details page.

Venn Diagram and Filters

Like the Device and User Live Inventory pages, this page offers the same Filtering and Venn Diagram tools to help you identify specific software vulnerabilities.

Highlighting the Venn Diagram and Filters on Live Inventory

Query Builder

The Query Builder is a powerful tool that allows you to search for specific software vulnerabilities using criteria defined in a query associated with any other asset attribute. For example, you may wish to run a query that displays Critical software vulnerabilities impacting Windows Server devices that are being accessed by domain admins in Microsoft AD. Regardless of what query you are running, the query builder is the easiest way to gain insight into how software vulnerabilities are impacting specific segments of your asset environment.

Example query in the query builder

Vulnerability Details

In addition to the information found on the Vulnerabilities Live Inventory page, you can also view additional information about a vulnerability on its Vulnerability Details page.

This page can be accessed by selecting a software vulnerability's name or the See details button in its dropdown.

Navigating to the Vulnerability Details page

Unified Vulnerability Details

The Vulnerability Details page contains VulnCheck data that provides additional information about the software vulnerability, such as a description of it and the required action to remediate it. You can also find information about its presence in your environment, such as the number of devices impacted by it and when it was first and last seen.

The right panel of the page contains unified software vulnerability details, meaning information that has been correlated, aggregated, and deduplicated from all your vulnerability sources. You will find information about the software vulnerability such as its severity, number of known exploits, and EPSS and CVSS scores.

Vulnerability Details page

Click the Devices tab on the left menu to view all devices impacted by a vulnerability. From there, you can select the See affected devices button to view all devices with the software vulnerability on the Device Live Inventory page.

Selecting the Devices tab followed by a link to view Devices in Live Inventory

Source Details for Vulnerabilities

On the left menu of the page, you can view information about a software vulnerability as it is reported by each of your Sources.

Select a Source Asset Record to view information that it has identified about that particular software vulnerability. This will likely contain information such as a description of the vulnerability, required actions, its severity, CVSS scores, and when it was first found by the Source.

Source Details tab for Vulnerabilities

Vulnerability Inventory

A Vulnerability Inventory page is a type of Source Inventory page. These pages are integration-specific and only display vulnerability data from a single vulnerability Source integration type. Vulnerability Inventory pages can be used to search for and monitor vulnerabilities associated with a Source. You can also review information about a vulnerability Source's health (Status) and reconfigure it as needed.

Image of Vulnerability Inventory page

Learn more about Vulnerability Inventory pages and Source Inventory pages more broadly.