Open topic with navigation

Managing Vulnerabilities

This topic describes how to perform the authoring and management tasks for vulnerabilities such as creating, editing, moving, and retrieving vulnerable assets.

See also Modeling the Network.

Note also that you can create a vulnerability channel. For more information on active channels, see Monitoring Active Channels.

Where: Navigator > Resources > Assets > Vulnerabilities tab

To create a vulnerability:

  1. In the Navigator panel's drop-down menu, choose Assets, then click the Vulnerabilities tab.

  2. Right-click a group and choose New Vulnerability.

  3. ClosedOn the Vulnerabilities Attributes tab, type in the following text fields:

    Vulnerability Attribute

    Description

    Name

    The vulnerability's name (required). It can be generated by the ArcSight Manager in response to vulnerability scanners. If so, this field is identical to the External ID field except that the pipe (|) is replaced with a dash (-). For example, CVE | CVE-1999-200 is represented as CVE - CVE-1999-200.

    Knowledge Base Article

    Optional: A link to a knowledge base article that further describes the vulnerability.

    External ID

    An ID of the format <standards body>|<id>, such as CVE | CVE-1999-200.

    Owners

    ArcSight users (analysts) who are interested in the vulnerability.

    Notification Groups

    ArcSight users (analysts) who are notified of events involving the vulnerability.

  4. On the Vulnerable Assets tab, click the Add New button, if you've defined assets that include this vulnerability.

    Note: Refer to Working with Vulnerable Assets for details on using the Vulnerable Assets tab.

To edit a vulnerability:

  1. Right-click a vulnerability and choose Edit Vulnerability.

  2. On the Attributes tab, type in the text fields as described above.

  3. On the Vulnerable Assets tab, click the Add New button, if you've defined assets that include this vulnerability.

To move or copy a vulnerability:

  1. Drag and drop a vulnerability into another group.

  2. Choose one:

    • Move to move the vulnerability,
    • Copy to make a separate copy of the vulnerability, or
    • Link to create a copy of the vulnerability that is linked to the original vulnerability.

    If you choose Copy, you create a separate copy of the vulnerability that is not affected when the original vulnerability is edited. If you choose Link, you create a copy of the vulnerability that is linked to the original vulnerability. Therefore, if you edit a linked vulnerability, whether it be the original or the copy, all links are edited as well. When deleting linked vulnerabilities, you can either delete the selected vulnerability or all linked vulnerability copies.

To delete a vulnerability:

  1. Right-click a vulnerability and choose Delete Vulnerability.

  2. In the dialog box, click Yes.

To add a vulnerability to an asset:

  1. Open a vulnerability active channel
  2. Right-click a vulnerability and choose Add To Asset.
  3. In the Asset Editor, click OK.