A high-level overview of various terms and concepts used in the RiskSense platform.
Application: A software program, website, or web service and/or its underlying source code and libraries. Examples of applications include websites, source code, open-source libraries, or running containers and container images. Different tools may mimic attacks on applications over the network, report on common software weaknesses in source code, or list vulnerabilities in containers.
Asset: A device, system, or environment component used for information activities on which vulnerabilities are found. Examples of assets include network hosts, applications, open-source libraries, and containers. In the RiskSense platform, every asset is assigned an RS³, which quantifies its security posture based on constituent vulnerabilities.
Plugin: A unique identifier for a third-party data source such as scanners or, in the case of generic upload, potentially a security (penetration test) team. This is used to help the platform identify future findings.
Finding: An instance of a plugin found on an asset. A finding can be fixed by a patch or a configuration change, or it can be purely informational. It can be assigned to a user, remediated, and viewed in greater detail, and it can reference associated vulnerabilities and weaknesses as applicable.
Group: A collection of assets sharing common attributes for organizing, reporting, or access-control purposes. Groups can be based on any commonality, such as device type, operating system, project, subnet, or owner. Assets can belong to multiple groups. Groups also serve as a security boundary. If a user is not assigned to at least one group with which an asset is associated, that asset will not be visible or accessible to the user.
Host: A computer or hardware device that can connect to a network through a user interface, network address, software, or other means.
Network: RiskSense uses Networks to determine asset uniqueness. Networks offer two asset aggregation options: IP Address or Host Name.
Playbook: Many actions within the RiskSense platform can be automated using built-in tools. A collection of actions that are taken automatically by the system is known as a playbook. Examples of actions include assigning findings to users, moving assets between groups, applying tags, and more. Playbooks can be set to execute at a specified time and on a designated frequency schedule.
Rule: An individual action that is taken automatically within a playbook is called a rule. Each rule executes based on a set of conditions that use RiskSense’s filtering system, targets a specific selection of objects (such as assets or findings), and can notify users via email when it executes.
Tag: Tags in RiskSense can be applied to assets, web applications, and vulnerabilities and are helpful for filtering.
Threat: A security threat or an architectural weakness can be an exploit, malware, or default credential mapped to a vulnerability or a plugin. A finding that is related to a threat is considered “weaponized.”
Trending: A vulnerability or threat is considered to be trending if it is actively being exploited in the wild.
Vulnerability: A weakness that can be exploited by a threat actor, such as an attacker, to cross privilege boundaries within a computer system.
Workflow: Organizations can use workflows to enhance their vulnerability remediation strategies by closing findings outside of an assessment or applying a different Severity to a finding. For example, an organization can choose to either temporarily accept risk or mark findings as false positives. All workflows must go through an approval process. Users can provide evidence when making requests.