Host Findings: Overview

High-level overview of the Hosts Findings page.

The Host Findings page is the primary source for organizing and remediating network findings within the RiskSense platform. Navigate to the Network > Host Findings page to see the findings. Please note that you can only see the findings assigned to you via group permissions.

Findings

  1. Filters: Filters allow the user to apply multiple selections to customize the view and see specific findings as needed.
    1. Active Filters (): Select your filter category, adjust any additional filter boxes that pop up related to that category, and click the Add The new filter is added to the list of filters below and adjusts your findings accordingly.
    2. Saved/Shared Filters (): After creating a filter, the user can save the filter in Saved Filters for quick access during future use.
    3. System Filters (): Filters frequently used within RiskSense to organize findings and quick filters for top exploits.
    1. Site Navigation Breadcrumbs and Filters: The site navigation breadcrumbs show where on the platform the current page is located. The Active Filters show what filters are currently applied as findings are displayed on the screen.
    2. Page Refresh: This button refreshes the current page.
    3. Export: Only available when findings are selected. Options for exporting findings include XML, XLSX, and CSV. Name the file (optional) and insert comments (optional). Both the assets the findings are on and the findings will be exported along with information for the asset/finding.
    4. Tags: Drop-down menu allows a user to apply existing tags to selected findings or create new tags.
    5. Workflow: Drop-down menu showing the remediation workflow possibilities for a finding. See the Workflows: Overview section for more information on each workflow type.
    6. More: Contains multiple options for the assignment, remediation, and review of vulnerabilities. The user can also make notes on findings. Here users can also create tickets for findings (if a ticket connector has been created in the admin/connectors
    7. Checkboxes: Used for selecting findings. User can Select All or Deselect All findings by clicking the checkbox in the column header.
    8. Risk: The RiskSense score assigned to the finding based on its exploits, issues, and background. The scale is 1-10, with 10 being the most critical/severe.
    9. Severity: The industry standard for finding/vulnerability severity. This comes from MITRE, the National Vulnerability Database, and other scanner sources and is on a scale from 1-10, with 10 having the highest severity.
    10. State: The finding’s Status/State (ex. Unassigned, Assigned, RM-Approved by Scan, RM-Reworked by Scan, RM-Requested, RM-Reworked, RM-Approved, RA-Requested, RA-Reworked, RA-Approved, FP-Requested, FP-Reworked, FP-Approved).
    11. Assignments: Shows who (if anyone) a finding is assigned to.
    12. Title: Title of the finding.
    13. Type: 
    14. Groups: The group(s) to which the finding is assigned.
    15. Ports: Ports related to the vulnerability
    16. Hostname: Host that contains the finding.
    17. IP Address: IP address on the host where the finding is located.
    18. Criticality: Set via group by the user. Criticality ranges from 1-5, with 5 being the most severe.
    19. Int/Ext: Denotes if the host is internal or external
    20. RiskSense Verified: Icon-defined findings manually entered by a RiskSense Penetration Tester.
    21. Threat Count: Shows the vulnerabilities on a finding. Clicking the number opens the Host Finding Detail page, where more details can be gathered about exploits, Trojans, malware, as well as possible solutions.
    22. Tags: Shows the tags assigned to a finding. Clicking the number will open the Host Finding Detail panel for more specific details on the various tags.
    23. Asset Tags: Denotes any ticket tags assigned to the finding.
    24. Notes: Displays the notes that have been written on the finding by users. Add notes by selecting a finding and clicking More > Add Note. Clicking the number opens the Host Finding Detail panel for details on the note.
    25. Finding Sorting Drop-Down: Various ways that findings can be sorted.
    26. Page Selection: Shows range of findings on current page as well as a box to manually insert a page number to skip to.

    Note: Look for the Settings (List Views - Settings Button) button in the upper-right hand corner. This icon allows you to add additional columns into the view that may not be set there by default. Last Found on Date, Discovered on Date, Resolved On Date, Finding Footprint, CVSS, and Ticket may all be helpful columns to add depending on your remediation strategies and processes.