This article covers the general management and maintenance of vulnerabilities in 6clicks.
Navigate to Vulnerabilities via the left navigation panel.
Select the Vulnerabilities tab.
Vulnerabilities can be viewed by Vulnerability or by the Asset it is linked to.
Clicking the check box next to the vulnerability gives the option to Update Priority, Update Status and Delete vulnerabilities from the table.
Open Status: When the vulnerability is active.
Closed Status: When the vulnerability has been resolved and is ready to be closed.
Deferred Status: This vulnerability has been deprioritized and reviewed at a later point. This will not reopen the vulnerability if found in new scans.
Vulnerability Auto Updates
Vulnerability Details are auto-updated upon every new scan:
- If an existing vulnerability is found in a new scan, details of that vulnerability will be updated if any changes are found.
- If a closed vulnerability is found in a new scan, the details of the vulnerability will be updated, and the vulnerability will be reopened.
- If open/deferred vulnerabilities of an asset are identified to be closed as per the new scan, then these are marked for closure on the latest scan, and the user can mark them as closed.
Linking new assets found (Host IP/Domain) to an Asset register
Assets that have been imported but are not linked to an a 6clicks asset stored in the asset register will appear under Not Linked To Assets.
To link an imported asset to an asset in the 6clicks asset register, click the link icon to the right.
A panel will appear on the right where a new asset can be created and linked to, or you can link directly to an existing 6clicks asset. An imported asset is linked to a 6clicks asset by either the Host IP or Domain, depending on the data associated with the imported asset.
To link to an existing asset register, click the link to the left of the asset name.
To create a new asset register, type in the name and press enter.
Enter the asset information in the fields below.
Once linked, the Host IP or Domain field will be populated in the 6clicks asset. Here you can see how a linked 6clicks asset, in this example called Information Asset, is displayed in the Vulnerabilities module when you view by assets.
And below, you can see where it is linked to the asset, in this example, via the Host IP.
Viewing the Vulnerability
Click the vulnerability title to view the vulnerability.
In the Overview screen, details of the vulnerability will appear.
Depending on how your vulnerabilities are imported, there are a few things to note:
- When importing a vulnerability that are associated with a Host IP but across multiple Ports, the ports are consolidated in the Port field, and you can hover your mouse over the field to view all the ports.
- When importing vulnerabilities that are associated with a single Domain but across multiple URLs, the URLs are consolidated in the URL field, and you can hover your mouse over the field to view all URLs.
Click the blue bubble next to priority to select a priority for the vulnerability.
Click the plus next to Vulnerability Owner(s) to add one or more vulnerability owners.
You can link Issues and Risks to the vulnerability on the right-side panel. Click on the plus to link the issue or risk. You can then manage the lifecycle of these from their respective modules.
If the CVE ID was mapped during the mapping process, it can be found in the right-side panel. CVE ID information can be found at https://www.cve.org/.
The status of the vulnerability can also be edited. There are three options:
These statuses allow you to track the lifecycle of vulnerabilities. If you close a vulnerability and it is included in a new vulnerability upload, then the Status will return to open automatically.