Host Finding Detail

Overview of the helpful information that appears in Host Finding Detail

  • Scanner: The scanner that discovered the finding.
  • ID: The finding’s ID number.
  • Title: Finding title.
  • Description: Detailed information on the finding, what it is, where it comes from, and why it is a vulnerability.
  • Status: Information on the finding such as "Discovered On", "Last Found On", "Resolved On", and "Current State", plus the time elapsed since the finding was found.
  • History(): The finding’s timeline—when it was added, updated, etc.
  • Technology: Applies only to policy scanning, and the scan must be done via Qualys for this to display. Shows the type of policy scan that was conducted.
  • Group Details/Groups: The group in RiskSense the finding is assigned to.
  • Assignment Information:
  • Host: The asset the finding is on and its IP address.
    - Asset Criticality Rating (1-5, with 5 being most severe) and whether it is an external or internal host.
  • Network: The Network name where the finding is located and its type (IP or HOSTNAME).
  • Services: The most recently identified ports or services.
  • Workflow Attachments: Any file attachments that have been associated with the finding.
  • Observations: Assessments this finding has appeared on.
  • Vulnerabilities: Information on vulnerabilities associated with the finding that provides details, CVE information, and risk rating.
  • Manual Finding Reports: Links and information pertaining to a Manual Finding (resulting from a RiskSense Penetration Test).
  • Links to the CVE database, MITRE database, and Google for more vulnerability data.
  • Threats: Information on exploits, malware, or Trojans associated with this finding. Having any or all of these issues drastically increases the finding’s threat level.
  • Finding Footprint: This section allows users to easily denote this finding and quickly show the other hosts with similar findings. The top 10 are displayed. This section also has a search bar where hostnames can be entered (fully or partially) to quickly search for instances of the finding in and beyond the displayed top 10 list.
    - Under the search bar, the user can also click to filter the vulnerabilities seen on the page by the findings in the footprint and by Scanner Plugin.
  • Possible Solution: RiskSense-provided suggestions (where available) on how to remediate the issue.
  • Possible Patches: Information (where available) on how to patch the issues. When possible, these are linked for easy access to the patch location.
  • Finding Tags: Any tags assigned to this finding.
  • Asset Tags: Any Host/Asset tags related to the host the finding is a part of.
  • Tickets: Any ServiceNow tickets the finding has been assigned to.
  • Notes: Any notes written by RiskSense users on the finding.
  • Output: The response returned when the scanner runs the plugin, which helps determine the best solution for the finding.