Host Finding Detail
Overview of the helpful information that appears in Host Finding Detail
- Scanner: The scanner that discovered the finding.
- ID: The finding's ID number.
- Title: Finding title.
- Description: Detailed information on the finding, what it is, where it comes from, and why it is a vulnerability.
- Status: Reviews information on the finding, such as "Discovered On," "Last Found On," "Resolved On," and "Current State," and the length of time since the finding was found.
- History: The finding’s timeline (when it was added, updated, etc.).
- Technology: Applies only to policy scanning, and is displayed only when the scan is done via Qualys. Shows the type of policy scan that was conducted.
- Group Details/Groups: The group in RiskSense the finding is assigned to.
- Assignment Information:
- Host: The asset the finding is on and its IP address.
- Asset Criticality Rating (1-5, with 5 being most severe) and whether it is an external/internal host.
- Network: The network name where the finding is located and its type (IP or HOSTNAME).
- Services: The most recently identified ports or services.
- Workflow Attachments: Any file attachments that have been associated with the finding.
- Observations: Assessments this finding has appeared on.
- Vulnerabilities: Information on vulnerabilities associated with the finding that provides details, CVE information, and risk rating.
- Manual Finding Reports: Links and information pertaining to a Manual Finding (resulting from a RiskSense Penetration Test).
- Links to the CVE database, MITRE database, and Google for more vulnerability data.
- Threats: Information on exploits, malware, or Trojans associated with this finding. Having any or all of these issues drastically increases the finding’s threat level.
- Finding Footprint: This section allows users to easily denote this finding and quickly see the other hosts with similar findings. The top 10 are displayed. This section also has a search bar where hostnames can be entered (fully or partially) to quickly search for instances of the finding in and beyond the displayed top 10 list.
- Under the search bar, the user can also click to filter the vulnerabilities seen on the page by the findings in the footprint and by Scanner Plugin.
- Possible Solution: RiskSense-provided suggestions (where available) on how to remediate the issue.
- Possible Patches: Information (where available) on how to patch the issues. Where possible, these are linked to give easy access to the patch location.
- Finding Tags: Any tags assigned to this finding.
- Asset Tags: Any Host/Asset tags related to the host the finding is a part of.
- Tickets: Any ServiceNow tickets the finding has been assigned to.
- Notes: Any notes written by RiskSense users on the finding.
- Output: The response returned when the scanner runs the plugin, which helps determine the best solution for the finding.