Features that Will Improve Your Vulnerability Prioritization

Mar 5, 2015
Andrea Bailiff-Gush

Share with Your Network

Today, we’re announcing new statuses, filters and displays that will impact how you sift through scan data, prioritize vulnerabilities and communicate with your team.

New! Vulnerability Statuses

We’ve added two new vulnerability statuses that will make it even easier for your team to track the lifecycle of a vulnerability: risk accepted & false positive. These statuses are flagged by the end user and can be assigned to an individual vulnerability, or to many at once.

To assign a vulnerability as either risk accepted or as a false positive, navigate to the Home tab, select a vulnerability from the list, and then select the status from the dropdown dropdown. You can also flag the status of vulnerabilities in bulk right in the table.

Note that risk accepted vulnerabilities and false positives will not affect the risk meter score (as only open vulnerabilities are counted). Assigning vulnerabilities with one of these new statuses ensures that your score is only affected by active, open vulnerabilities.

New! “Found” Date Display:

Let’s say that you wanted to know when your risk-accepted vulnerabilities were originally discovered. Simply filter your view by risk-accepted, and then select to display the “Found” date by using the Display dropdown.

Now let’s say that you wanted to track and manage the vulnerabilities that have been Risk Accepted. Select the Export this View dropdown, and a CSV export of your risk-accepted vulns will appear, including the Found date (also New!).

Displaying and reporting on the date found will inform your team of the length of time since discovery, and will provide another decisioning factor for prioritization based on age.

Filter by Port:

You can also now filter your vulnerabilities by the port(s) on which they were discovered. Select the port(s) of interest in the Vulnerability Filters sidebar, and right away the table will filter out the vulnerabilities unassociated with those port(s).

Give these new vulnerability features a spin by heading over to your Risk I/O instance. We think you’ll appreciate the time saved parsing through your vulnerability data and the peace of mind that comes with improving your full picture of risk. And if you don’t already have a Risk I/O account, you can create one for free.

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is...



Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.