Use security issues
Security issues are used to identify all items detected during Cyberwatch security scans which are not vulnerabilities. The first source for security issues are the “Network targets and websites” scans. They can also be obtained from an asset analysis, such as security issues regarding OS obsolescence or an application obsolescence.
Cyberwatch allows you to create “custom” security issues and affect them to your assets. This feature can be used, for instance, to:
- import data from a security audit / penetration test;
- import the results of a third-party security software with our API.
Create a Security issue
From an asset page:
- Click on Inventory
- Click on the affected asset name
- In the page dedicated to the asset, click on the “Security issues” tab
- Click on Add a new security issue
From a CVE page:
- Click on Vulnerability Encyclopedia
- Click on the concerned CVE
- On the CVE page, click on “Actions”
- Click on “Add a new security issue”
Complete the fields of the form:
Reference
: reference of the security issue (e.g. the reference of a penetration test report, or from a third-party security software)Title
: title of the security issueDescription
: description of the security issueSeverity
: severity of the security issueAssets
: list of assets affected by the security issueCVEs
: list of CVE announcements related to the security issue
- Save
If the fields have been correctly set, the security issue will appear in the list of security issues.
Moreover, the CVEs specified in the CVEs
field will also be affected to the asset, and will be displayed in the ‘Vulnerabilities’ tab.
Edit a Security issue
- Click on Inventory
- Click on the affected asset name
- In the page dedicated to the asset, click on the “Security issues” tab
- Click on the edit button (pencil icon) corresponding to the security issue to edit
- Modify the desired fields in the form. Unedited fields will keep existing values
- Save
Delete a Security issue
- Click on Inventory
- Click on the affected asset name
- In the page dedicated to the asset, click on the “Security issues” tab
- Click on the delete button (bin icon) corresponding to the security issue to delete
- Confirm
Delete multiples Security issues
- Click on Inventory
- Click on the affected asset name
- In the page dedicated to the asset, click on the “Security issues” tab
- Select the security issues you want to delete
- Click on the “Bulk actions” button to display the different options
- Click on the “Delete the selected security issues” button
- Confirm
Severity rate
Cyberwatch assigns a severity rate to each of its security issues. This rate is ranging from informative to critical. This severity rate is elaborated by Cyberwatch and depends on the issue type, the risk it represents and the impact it may have.
Put differently, the severity rate of a security issue is relative to its danger. For example, due to it higher impact level on a system, an “OS obsolescence” issue type has a higher severity rate than an “Application obsolescence” one.