View attack surface test results

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-05-22
Category: Administrator Guide

Attack surface test results are displayed on the Services page in the Inventory. The following fields in the Services table enable you to search for specific vulnerabilities.

  • Confirmed Vulnerabilities—This field lists CVE IDs (or other vulnerability IDs) of the vulnerabilities that have been confirmed present on the service. You can search this field for a specific CVE ID to find all the services that have a confirmed vulnerability with that ID.

  • Confirmed Not Vulnerable—This field lists CVE IDs (or other vulnerability IDs) of the vulnerabilities that have been confirmed to be not present on the service. You can search this field for a specific CVE ID to find all the services that are confirmed not vulnerable to that vulnerability.

  • Vulnerability Test Result—The value Confirmed Vulnerable indicates there is at least one confirmed vulnerability on the service. You can filter on this field to find all services with at least one confirmed vulnerability.

How to view attack surface test results for a specific CVE
  1. Navigate to Assets → Asset Inventory → All External Services.

  2. Filter the Services table to find the services with a specific confirmed vulnerability.

    1. Click on the filter icon at the top of the Confirmed Vulnerability ID column, and enter the vulnerability ID in the dialog box.

    2. Click anywhere outside the dialog box to filter.

    The list of services that are confirmed to have that vulnerability is displayed.

  3. Click on a row in the table to display the details panel for that service.

    On the service details panel, you can review the list of tests run, test dates, whether each test produced a confirmed vulnerable or confirmed not vulnerable result, evidence, and remediation guidance.

    Click the arrow to the left of each test result to display the 14-day test history and the evidence payload returned by the service.
