Power Search Your Way Through the Vulnerability Haystack

We’re pleased to announce a powerful new vulnerability search architecture for Risk I/O! Users can now search and filter their vulnerabilities more easily than ever before. The heart of this new functionality is a set of filters that can be mixed-and-matched to generate the specific query that meets your needs.

Individual filters can be expanded to view their possible values, and alongside each value a count is displayed of the number of matching vulnerabilities. Selecting multiple values for a given filter will return a wider data set, while restricting your search to a single value lets you narrow in on vulnerabilities matching very specific criteria.

You could start by looking at all your vulnerabilities tagged “OWASP”, “PCI” and “DMZ”. From there, narrow your results down to vulnerabilities discovered in the last month. Add a further refinement that only high-threat results should be returned. It’s your data, explore it how you want — the possibilities are endless, and we’re expanding the types of metadata available to filters quickly.

While we were at it, we made some improvements to the existing search functionality as well. Our primary search box is still the quickest way to scan your vulnerabilities for specific text or keywords. In combination with other searches, you can use our numeric sliders to limit the results you see based on asset priority, threat level, severity level, and/or overall vulnerability score. Filtering by tag supports boolean criteria: use “any” (boolean OR) or “all” (boolean AND) to specify the tag search logic you’d like to use. As a bonus, all of these searches run faster than ever before.

Combine multiple filters. Vulnerability counts help you understand the nature of your risks.

We hope these enhancements will allow our users to understand and remedy the vulnerabilities they face more quickly and easily. As always, we’d love to hear from you if you have ideas about how we can better achieve this.