Managing Vulnerabilities
This topic describes how to perform the authoring and management tasks for vulnerabilities such as creating, editing, moving, and retrieving vulnerable assets.
See also Modeling the Network.
Note also that you can create a vulnerability channel. For more information on active channels, see Monitoring Active Channels.
Where: Navigator > Resources > Assets > Vulnerabilities tab
To create a vulnerability:
-
In the Navigator panel's drop-down menu, choose Assets, then click the Vulnerabilities tab.
-
Right-click a group and choose New Vulnerability.
-
On the Vulnerabilities Attributes tab, type in the following text fields:
Vulnerability Attribute
Description
Name
The vulnerability's name (required). It can be generated by the ArcSight Manager in response to vulnerability scanners. If so, this field is identical to the External ID field except that the pipe (|) is replaced with a dash (-). For example, CVE | CVE-1999-200 is represented as
CVE - CVE-1999-200
.Knowledge Base Article
Optional: A link to a knowledge base article that further describes the vulnerability.
External ID
An ID of the format <standards body>|<id>, such as CVE | CVE-1999-200.
Owners
ArcSight users (analysts) who are interested in the vulnerability.
Notification Groups
ArcSight users (analysts) who are notified of events involving the vulnerability.
-
On the Vulnerable Assets tab, click the Add New button, if you've defined assets that include this vulnerability.
Note: Refer to Working with Vulnerable Assets for details on using the Vulnerable Assets tab.
To edit a vulnerability:
-
Right-click a vulnerability and choose Edit Vulnerability.
-
On the Attributes tab, type in the text fields as described above.
-
On the Vulnerable Assets tab, click the Add New button, if you've defined assets that include this vulnerability.
To move or copy a vulnerability:
-
Drag and drop a vulnerability into another group.
-
Choose one:
- Move to move the vulnerability,
- Copy to make a separate copy of the vulnerability, or
- Link to create a copy of the vulnerability that is linked to the original vulnerability.
If you choose Copy, you create a separate copy of the vulnerability that is not affected when the original vulnerability is edited. If you choose Link, you create a copy of the vulnerability that is linked to the original vulnerability. Therefore, if you edit a linked vulnerability, whether it be the original or the copy, all links are edited as well. When deleting linked vulnerabilities, you can either delete the selected vulnerability or all linked vulnerability copies.
To delete a vulnerability:
-
Right-click a vulnerability and choose Delete Vulnerability.
-
In the dialog box, click Yes.
To add a vulnerability to an asset:
- Open a vulnerability active channel
- Right-click a vulnerability and choose Add To Asset.
- In the Asset Editor, click OK.