Submitting a Vulnerability for a Network Asset

When a Network asset has been selected to submit a vulnerability, you will be provided with the following fields:

  • Title - This field is 'Mandatory'. You can enter the title of the vulnerability that you are currently logging.
  • Description - This field is 'Mandatory'. You can use this field to describe the vulnerability which you are currently logging.
  • Port - This field is 'Mandatory'. You can enter the port number which the vulnerable service is running on.
  • CPE - This field is 'Not Mandatory'. You can provide the CPE information.
  • Steps to Reproduce - This field is 'Not Mandatory'. You can provide detailed steps on how to reproduce the vulnerability that you are currently logging.
  • Mitigation - This field is 'Mandatory'. You can provide information/suggestions on how to fix the vulnerability that you are currently logging.
  • CVE - This field is 'Not Mandatory'. You can provide any relevant CVE Ids for the vulnerability that you are currently logging.
  • Tags - This field is 'Not Mandatory'. You can add tags for the vulnerability that you are currently logging.
  • Add File - This is not 'Not Mandatory'. Using this feature you can attach any files like screenshots/videos etc for the vulnerability that you are currently logging. This can aid the developer in better understanding the issue that has been reported.

 

Logging a Network Vulnerability

  • From the 'Vulnerabilities' page click on 'Add New Vulnerability'.



  • Select an 'Asset' from the list of your assets. Onboarding an asset is a prerequisite to adding any vulnerabilities. More on how to onboard assets here.



  • Now select a 'CWE ID' from the list of CWE ids. This is not mandatory. More about CWEs here.



  • Select a severity for the vulnerability that you are currently logging. You can either choose a standard severity or give your input to the CVSS calculator and it will calculate the severity for you. More about how the CVSS calculator works here.



  • Now enter all the relevant information in the fields that you are presented with. 
  • The vulnerability has been logged successfully.
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.

Articles in this section

See more