The "Triage Vulnerabilities" page will feature a comprehensive list of all vulnerabilities that have yet to be triaged or hidden. At the top of the page, you'll find a summary indicating the total number of vulnerabilities awaiting triage. Just below this, there's a table organized into five columns. The entries in this table are prioritized first by the "Score" column and then by the "Affected Assets" column, ensuring that the most critical vulnerabilities are showcased at the top of the page.
The first column, titled "Triage," features a green checkmark and a red X icon. Selecting the green checkmark will remove the corresponding vulnerability from the "Triage Vulnerabilities" table and generate a risk associated with that vulnerability. Additionally, all assets linked to the vulnerability will be connected to this new risk, and the "View Risks" page will be updated to display this vulnerability along with a link to the newly created risk. Conversely, if you click the red X icon, the vulnerability will also be removed from the "Triage Vulnerabilities" table, but no risk will be generated for it. Please note that once a vulnerability has been hidden, there is currently no option to retrieve it through the user interface.
The second column, titled "Score," will showcase the CVSS score linked to the vulnerability in that specific row. This score is sourced from our vulnerability management platform and will play a crucial role in evaluating the newly created risk should you choose to triage the vulnerability. For all new risks, the CVSS scoring will be applied automatically, and you will have the option to update the score for that risk once it has been established.
The third column, titled "Title," presents the name of the vulnerability for that row. This name typically serves as a high-level identifier for the vulnerability and will be utilized in the "Subject" field of the newly created risk.
The fourth column, labeled "Description," provides a more comprehensive explanation of the vulnerability, which will be applied to the "Risk Assessment" field in the new risk entry.
Lastly, the fifth column, called "Affected Assets," indicates the total number of assets linked to the vulnerability in that row. Once a vulnerability is assessed and categorized as a risk, all associated assets will be linked to the risk, provided they remain in the asset inventory (please refer to "Configure" for guidance on how to enable this functionality).
View Risks
The "View Risks" page will feature a comprehensive list of all vulnerabilities that have been classified as risks, whether they were assessed manually or through automated processes. At the top of the page, you will find the total number of vulnerabilities that have been triaged. Just below this summary, a table will present five columns of information. The rows in this table are organized primarily by the "Score" column, followed by the "Affected Assets" column, ensuring that the most critical risks are displayed prominently at the top of the page.
The first column, titled "Risk ID," displays the unique identifier for each risk generated during the vulnerability triage process. By clicking on the risk ID, you will be able to view the details of that risk in a new browser tab.
The second column, titled "Score", will present the CVSS score linked to the risk in that row.
The third column, titled "Title", will indicate the name of the risk, aligning with the "Subject" field in the newly created risk.
In the fourth column, labeled "Description", you will find a comprehensive explanation of the vulnerability, corresponding to the "Risk Assessment" field in the newly created risk.
Finally, the fifth column, titled "Affected Assets", will show the total number of assets connected to the newly created risk.