Managing & Maintaining Vulnerabilities

This article covers the general management and maintenance of vulnerabilities in 6clicks.

1. Vulnerabilities overview

2. Update vulnerability priority

3. Update vulnerability status

4. Vulnerability updates

5. Link newly discovered assets to your 6clicks Asset Register

6. Review and manage vulnerabilities

1. Overview of vulnerabilities

Navigate to Vulnerabilities via the left navigation panel

Select the Vulnerabilities tab

Vulnerabilities can be viewed by Vulnerability or by the Asset to which it is linked.

Clicking the check box next to the vulnerability gives the option to Update Priority, Update Status and Delete vulnerabilities from the table

2. Update vulnerability priority

Click the check box next to one or more vulnerabilities, select Update Priority and then select the applicable priority in the modal to the right.

3. Update vulnerability status

Click the check box next to one or more vulnerabilities, select Update Status and then select the applicable status in the modal to the right:

Open: The vulnerability is active

Closed: The vulnerability has been resolved and is ready to be closed 

Deferred: This vulnerability has been deprioritized for review at a later point. If found in new scans, vulnerabilities with this status will not reopen.

4. Vulnerability Updates

Vulnerability Details are automatically updated with every new scan:

  • If an existing vulnerability is found in a new scan, details of that vulnerability will be updated if any changes are found
  • If a closed vulnerability is found in a new scan, the details of the vulnerability will be updated, and the vulnerability will be reopened
  • If the new scan identifies open or deferred vulnerabilities of an asset as closed, they are marked for closure on the latest scan, and the user can then mark them as closed
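The update rules above can be modelled as a small reconciliation routine. This is an added example, not 6clicks code: the (asset, vulnerability id) match key, the `marked_for_closure` flag, the reading of "identified to be closed" as "absent from a scan that covered the asset", and the sample data are all assumptions.

```python
from dataclasses import dataclass

OPEN, CLOSED, DEFERRED = "Open", "Closed", "Deferred"

@dataclass
class Vuln:
    details: str
    status: str = OPEN
    marked_for_closure: bool = False  # assumed flag: awaiting user confirmation

def reconcile(register, scan, scanned_assets):
    """Apply one scan to register ({(asset, vuln_id): Vuln}) in place.

    scan maps (asset, vuln_id) -> details; the key is a hypothetical match key.
    Returns a list of (key, action) pairs for the reviewer.
    """
    actions = []
    for key, details in scan.items():
        vuln = register.get(key)
        if vuln is None:  # assumed: unseen findings are imported as Open
            register[key] = Vuln(details)
            actions.append((key, "created"))
            continue
        if vuln.details != details:  # details refresh on every scan
            vuln.details = details
            actions.append((key, "details updated"))
        vuln.marked_for_closure = False  # seen again, so not a closure candidate
        if vuln.status == CLOSED:  # Closed reopens; Deferred stays Deferred
            vuln.status = OPEN
            actions.append((key, "reopened"))
    for key, vuln in register.items():
        # Assumption: "identified to be closed" = absent from a scan of its asset.
        if (key not in scan and key[0] in scanned_assets
                and vuln.status in (OPEN, DEFERRED) and not vuln.marked_for_closure):
            vuln.marked_for_closure = True  # status changes only when the user closes it
            actions.append((key, "marked for closure"))
    return actions

def demo():
    """Constructed sample data (documentation-range IP addresses)."""
    a, b = "192.0.2.10", "192.0.2.20"
    register = {
        (a, "V-1"): Vuln("TLS 1.0 enabled", CLOSED),
        (a, "V-2"): Vuln("Outdated package", DEFERRED),
        (a, "V-3"): Vuln("Default credentials", OPEN),
        (b, "V-4"): Vuln("Directory listing", OPEN),  # asset b is not rescanned
    }
    scan = {(a, "V-1"): "TLS 1.0 enabled on port 443", (a, "V-2"): "Outdated package"}
    return register, reconcile(register, scan, scanned_assets={a})
```

In the sample, the Closed finding reopens, the Deferred finding stays Deferred, and the Open finding missing from the rescan is only flagged until a user closes it.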

5. Link newly discovered assets (Host IP/Domain) to your 6clicks Asset Register

When viewing vulnerabilities, assets that have been imported but are not linked to an asset stored in the 6clicks Asset Register will appear under Not Linked To Assets. To link an imported asset to an asset in the Asset Register, click the link icon to the right.

A panel will appear on the right where a new asset can be created and linked, or you can link directly to an existing 6clicks asset. An imported asset is linked to a 6clicks asset by either the Host IP or Domain, depending on the data associated with the imported asset. 

To link to an existing asset in the register, click the link icon to the left of the asset name.

To create a new asset in the register, type in the name and press Enter.

Enter the asset information in the fields provided.

Once linked, the Host IP or Domain field will be populated in the 6clicks asset. The linked 6clicks asset will now be listed with the name you provided, in this example, Demo Server, when you click View by: Assets in the Vulnerabilities module. When you review your asset register, you will see the new asset with the Host IP or Domain field populated via this link.

6. Review and manage vulnerabilities

Viewing the Vulnerabilities

Click the Vulnerabilities column and select View by: Vulnerabilities to view the vulnerabilities you have imported or added to your tenant

When you click on a vulnerability in the Overview screen, details of the vulnerability will appear. Depending on how your vulnerabilities are imported, there are a few things to note:

  • When importing a vulnerability that is associated with a Host IP but across multiple Ports, the ports are consolidated in the Port field, and you can hover your mouse over the field to view all the ports
  • When importing vulnerabilities that are associated with a single Domain but across multiple URLs, the URLs are consolidated in the URL field, and you can hover your mouse over the field to view all URLs

Click the blue bubble next to Priority to select a priority for the vulnerability

Click the + icon next to Vulnerability Owner(s) to add one or more vulnerability owners

You can link Issues and Risks to the vulnerability on the right-side panel. Click on the + icon to link the issue or risk. You can then manage the lifecycle of these from their respective modules.

If the CVE ID was mapped during the mapping process, it can be found in the right-side panel below Issues & Actions and Risks. Detailed CVE ID information can be found at https://www.cve.org/. 

The Status of the vulnerability can also be edited. There are three options:

  1. Open
  2. Closed
  3. Deferred

These statuses allow you to track the lifecycle of vulnerabilities. If you close a vulnerability and it is included in a new vulnerability upload, then the Status will return to "Open" automatically.