View attack surface tests - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-06-20
Category
Administrator Guide

View information about the available attack surface tests, and enable or disable tests on the Vulnerability Testing page. By default all tests are enabled.

  1. Navigate to Policies and RulesAttack Surface Testing.

  2. Filter and sort the list of tests as needed to identify the tests you want to enable or disable.

  3. Select one or more tests using the check boxes, and right click to Enable or Disable them.

Attack surface test field descriptions

Field

Description

Affected Software

Software names and versions impacted by this vulnerability.

CWE IDs

Common Weakness Enumeration ID. This ID is defined by MITRE.

Created

When Cortex XSIAM released this test.

Description

Description of the vulnerability.

EPSS Score

The Exploit Prediction Scoring System (EPSS) score indicates the likelihood that a vulnerability will be exploited in the wild. Possible values are between 0 and 100%, and the higher the score, the greater the probability that a vulnerability will be exploited.

First Published

When this vulnerability was first published.

ID

Unique ID for this test.

Name

Name of the test.

References

Research references and supporting documentation.

Remediation Guidance

Recommended steps for remediating or mitigating the vulnerability.

Severity Score

The CVE severity score is based on the NIST Common Vulnerability Scoring System (CVSS).

Services Found Vulnerable

The number of directly-discovered services owned by your organization that Cortex XSIAM has confirmed vulnerable with this test.

Status

Indicates whether the test is Enabled or Disabled.

Vendor Names

Name of the vendor whose product is impacted by the vulnerability.

Vulnerability IDs

CVE number or other public identifier for the vulnerability.