Host Findings
      Back to home
      1. RiskSense Knowledge Base
      2. Data Ingestion & Outcomes
      3. Host Findings

      Host Finding Detail

      Overview of the helpful information that appears in Host Finding Detail

      • Scanner: The scanner that discovered the finding.
      • ID: Finding ID Number
      • Title: Finding title.
      • Description: Detailed information on the finding, what it is, where it comes from, and why it is a vulnerability.
      • Status: Reviews information on the finding such as "Discovered On" "Last Found On" "Resolved On" "Current State" and the time duration since the finding had been found.
      • History(): The finding’s timeline—when it was added, updated, etc.
      • Technology:  Only in relation to policy scanning. Must be done via Qualys to display. This will display the type of policy scan that was conducted.
      • Group Details/Groups: The group in RiskSense the finding is assigned to
      • Assignment Information:
      • Host: The asset the Finding is on and it’s IP address.
        -Asset Criticality Rating (1-5, with 5 being most severe) and if it is an external/internal host.
      • Network: The Network name where the finding is located and its type (IP or HOSTNAME).
      • Services: Most Recent ports or services recently identified
      • Workflow Attachments: Any file attachments that have been associated with the finding.
      • Observations: Assessments this finding has appeared on.
      • Vulnerabilities: Information on vulnerabilities associated with the finding that provides details, CVE information, and risk rating.
      • Manual Finding Reports: Links and information pertaining to a Manual Finding (resulting from a RiskSense Penetration Test)
      • Links to the CVE database, MITRE database, and Google for more vulnerability data.
      • Threats: Information on exploits, malware, or Trojans associated with this. Having any or all these issues drastically increases the finding’s threat level.
      • Finding Footprint: This section allows users to easily denote this finding and then also quickly show the other hosts with similar findings. The top 10 is displayed. This section also has a search bar so that Hostnames can be entered (or partially entered) then searched quickly for instances of the finding in and beyond the top 10 displayed list.
        - Under the search bar, the user can also click to filter the vulnerabilities seen on the page by the findings in the footprint and by Scanner Plugin.
      • Possible Solution: RiskSense-provided suggestions (where available) on how to remediate the issue.
      • Possible Patches: Information (where available) on how to patch the issues. These will (when possible) be linked to give easy access to find the patch location.
      • Finding Tags: Any tags assigned to this finding.
      • Asset Tags: Any Host/Asset tags related to the Host the Finding is a part of
      • Tickets: Any ServiceNow tickets the finding has been assigned to
      • Notes: Any notes written by RiskSense users on the finding.
      • Output: When the scanner runs the plugin, this is the response back that helps determine the best solution for the finding.