Vulnerability Management Overview
This document applies only to the Vulnerability Management engine, released April 20, 2022. Make sure you are using the correct documentation: Which Scanning Engine to Use
The Vulnerability Management Overview page helps enable rapid identification of:
- VM trends
- Pervasive vulnerabilities and policy failures
- New risks, and
- Riskiest segments of your environment
The Overview provides reportable trend analysis that you can download as reports, export to create tickets, or share with team members. From the Overview, you can pivot into remediation workflows for specific CVEs, policies, architecture segments or coverage gaps.
Scan Data Timelines
Each panel reports on the behavior of scans for the past 30 days. Individual scan data from:
- Runtime is retained for 14 days
- Registry and Pipeline is retained for 90 days
- Package Details in the drill-down is available for 48 hours
- Sysdig Secure (SaaS) using current Vulnerability Management engine
- Vulnerability CLI and Registry scanners installed (optional)
Log in to Sysdig Secure (SaaS).
Select Vulnerabilities > Overview. The Overview landing page opens with three phases (Runtime, Registry, and Pipeline) aggregated in the overview section.
Select top-level filters to focus on a particular subset of vulnerability or policy data: phase, criticality, and/or CVE & package context (Has Fix, Has Exploit, and In Use).
Select the dropdown next to the page title to focus on a particular phase of scanning. Within a phase, you can further scope the content in specific ways:
- Pipeline (scope by Image Name and Pull String)
- Registry (Scope by Vendor Name and Repo)
- Runtime (Scope by Namespace and Cluster)
Select any or all criticality levels: Critical, High, Medium
Select the package and CVE context variables: Has Exploit, In Use, and/or Has Fix
The CVE trend chart displays data from the past 30 days. You can use the date selector or double-click on a day to see the Vulnerability panel results filtered for just that day.
Note that runtime and pipeline scans are performed twice a day, while registry scans are only performed after an action.
All of the context filters apply to the widgets on the page, the drill-down drawers, and exports of data.
Featured Use Cases
Vulnerability Management Usage
The top panel is designed to guide Vulnerability Management workflows.
This panel gives an overview of:
- Trends of Unique Vulnerabilities in the environment over the past 30 days
- Most Pervasive vulnerabilities
- Recently Released vulnerabilities, and
- Namespaces with the most vulnerability detections
These let you answer questions about your risk posture, such as:
- Are my CVE detections trending down?
- What are the most pervasive vulnerabilities?
- What are the most recent vulnerabilities (log4j-type event)?
- What is my most vulnerable application, segment or zone?
Each line item expands to a detail panel for further investigation.
The identified resources, vulnerabilities, or policies in the dropdown can be further filtered and exported via the Sysdig reporting or through a
Policy and Risk Management Usage
The Compliance Manager asks three fundamental questions.
- Which of my Compliance programs is struggling with control failures?
- Which of the controls is failing the most?
- Which of my applications, segments, or zones is failing the most policies?
The Policy Panel provides insight into all of these questions via the widgets:
- Top Failing Policies
- Top Failing Assets
- Top Failing Rule Sets
Dropdowns provide more information and an Export option.
Identify Progress through Metrics
- Choose a filter for Phase (if applicable).
- Choose CVE type filters.
- Filter on segments of the infrastructure (if necessary).
- Review the metrics graph to see trends.
- Click on days to identify the difference between them.
- Export any data to .csv from a subpanel.
- Export the page, including the graph, to PDF for reports to executives.
Identify a Problematic CVE
- Filter by Has Fix, Has Exploit, and possibly In Use.
- Filter by desired severity.
- Review the Top Recent or Top Pervasive widget.
- Identify a new or particularly pervasive CVE.
- Click into the dropdown.
- View the assets and associated packages.
- Create a Report
- Export the list of assets and packages to CSV
- OR click through to the results page of a single asset.
Reports and Exports
There are various ways that the Vulnerability Management Dashboard can support your workflows through data exports.
The dashboard can be scoped and filtered to support a focused view of trending and critical issues. Once filtered, you can export the Dashboard to PDF for inclusion in executive reports, audit artifacts, or briefings.
Critical Vulnerability or Policy Tables
You can export data in tabular form from any of the widgets or panels on the VM Dashboard using the cloud download button on the panel. You can use this data in business intelligence or tracking tools.