Identify and escalate security issues in your CIs and software

You can use the Vulnerability Response module to compare security-related data pulled from internal and external sources, such as the National Vulnerability Database, to vulnerable CIs and software identified in the Asset Management module. If CIs or software are found to be affected by a vulnerability, you can escalate the vulnerabilities by creating changes, problems, and security incidents (if the Security Incident Response plugin is activated).

Before you begin

Role required: sn_vul.vulnerability_write

About this task

The following menu options under the National module can be used to view records in the NVD and compare them with vulnerable items in your system. The information in these options can be used for deciding whether vulnerabilities should be escalated:
  • Entries
  • Software
  • Common Weakness
Note: In addition to National Vulnerability Database Entries, you can integrate with other third-party vulnerability monitoring software packages. When you view the detail for a third-party vulnerability entry using the Third-party > Entries option, you can see vulnerability references and vulnerability items. From the vulnerability references, you can view external references to better understand the vulnerability. From the vulnerable items, you can create change requests, problems, or security incidents (if the Security Incident Response plugin is activated) as needed.

Procedure

  1. Navigate to Vulnerability > National.
  2. View vulnerability information pulled from the National Vulnerability Database using any of the following options.
    OptionAction
    Entries Select this option to view a list of Common Vulnerability Entries (CVE) records that were identified using third-party security monitoring tools. Click any CVE record to view:
    • a summary information for the CVE record.
    • a reference to a Common Weakness Enumeration (CWE) record, if applicable.
    • the record's score on the Common Vulnerability Scoring System (CVSS). For more information on the CVSS, go to the National Vulnerability Database website.
    Software Select this option to view software vulnerabilities returned from the NVD entries. You can use this information to match the NVD software to an Asset Management discovery model.
    Common Weakness Select this option to view Common Weakness Enumeration (CWE) records downloaded from the CWE database that you can use for reference when deciding whether a vulnerability needs to be escalated. Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations screen, it is for reference only.
    Each of these menus options provides information you can use to decide whether a given vulnerability warrants escalation.
  3. On the National Vulnerability Database Entries and Vulnerable Software screens, you can click the following tabs to obtain additional information for identifying vulnerabilities. As indicated in the table, you can click the following buttons to escalate the record:
    • Create Change: to create a CHG.
    • Create Problem: to create a PRB.
    • Create Security Incident: to create an SR.
    OptionAction
    Vulnerable Items Click this tab to view a list of vulnerable items, which consist of pairings of potentially vulnerable CIs and software for the selected CVE record (if applicable). You can click any of the buttons at the top of the screen to escalate the CVE record to the appropriate team. You can also click the "i" icon for any vulnerable item to view additional information about the CI/software pairing.
    Vulnerability Entries (on Vulnerable Software screen only) Click this tab to view a list of CVE records for the selected software record. Click a CVE record to view its details. Then you can click any of the buttons at the top of the screen to escalate the CVE record to the appropriate team.
    Vulnerable Software (on National Vulnerability Database Entries screen only) Click this tab to view software vulnerabilities returned from the NVD entries. You can use this information to match the NVD software to an Software Asset Management discovery model.
    Vulnerability References (on National Vulnerability Database Entries screen only) Click this tab to view vulnerability reference information for the selected CVE record.