When a Network asset has been selected to submit a vulnerability, you will be provided with the following fields:
- Title - This field is 'Mandatory'. You can enter the title of the vulnerability that you are currently logging.
- Description - This field is 'Mandatory'. You can use this field to describe the vulnerability which you are currently logging.
- Port - This field is 'Mandatory'. You can enter the port number which the vulnerable service is running on.
- CPE - This field is 'Not Mandatory'. You can provide the CPE information.
- Steps to Reproduce - This field is 'Not Mandatory'. You can provide detailed steps on how to reproduce the vulnerability that you are currently logging.
- Mitigation - This field is 'Mandatory'. You can provide information/suggestions on how to fix the vulnerability that you are currently logging.
- CVE - This field is 'Not Mandatory'. You can provide any relevant CVE IDs for the vulnerability that you are currently logging.
- Tags - This field is 'Not Mandatory'. You can add tags for the vulnerability that you are currently logging.
- Add File - This field is 'Not Mandatory'. Using this feature, you can attach files such as screenshots or videos for the vulnerability that you are currently logging. This can help the developer better understand the issue that has been reported.
Logging a Network Vulnerability
- From the 'Vulnerabilities' page, click on 'Add New Vulnerability'.
- Select an 'Asset' from the list of your assets. Onboarding an asset is a prerequisite to adding any vulnerabilities. More on how to onboard assets here.
- Now select a 'CWE ID' from the list of CWE IDs. This is not mandatory. More about CWEs here.
- Select a severity for the vulnerability that you are currently logging. You can either choose a standard severity or give your input to the CVSS calculator and it will calculate the severity for you. More about how the CVSS calculator works here.
- Now enter all the relevant information in the fields that you are presented with.
- The vulnerability has been logged successfully.