How to use Security Risk page?

How to use Security Risk page?

  • NVADR is structured to recognize security vulnerabilities in your organization's assets. It is crucial to promptly address these risks, as they have the potential to cause data breaches and cyber threats. 
  • To facilitate the swift and effortless identification of potential risks, NVADR provides a comprehensive set of predefined security checks.
  • The identified security risk instances are categorized and listed under the security risks module based on pre-defined criteria, providing a streamlined approach to risk management.

What are the features available under the ‘All Security Risks’ view?

  • Here, the security risk instances are displayed in list format.
  • The displayed information can be filtered based on the severity, category, and scan status of the instances.
  • You are also given the option to mute the instance and to directly send them to the issue tracker. The option to mute an instance is only provided under the list layout. To learn how to mute an asset in Security Risks, please refer to this article - How to Mute Any Instance?
  • To access a comprehensive overview of identified security risk instances, the user may click on the category name of the particular instance. This will lead the user to the chosen category, located under the "Detailed View" sub-module.

What is a severity filter and how to apply it?

  • The security risk instances detected can be sorted into critical, moderate, and low categories, based on their level of risk.
  • These severity filters can be found on the top left corner of the security risk screen. 
  • To view the data related to a specific severity level, the user can click on the corresponding severity filter. This will result in the display of all the security risk instances that fall under the selected severity category..

What is a title/category filter and how to apply it?

  • NVADR incorporates a collection of predefined security risk categories that comprise the most frequent security risks. 
  • All security risk instances identified in any organization are classified into these categories for swift and effortless identification.
  • The category filters can be found on the left-hand side of the security risk screen, where all identified security risk categories are displayed. 
  • To view data related to a particular category, the user may select the corresponding category filter. This will display all the security risk instances categorized under the selected category.

What are the features available under the ‘tabular view’?

  • The table layout displays security risk instances in a row and column format, which provides a more user-friendly design for analysts. 
  • The list and table layout present the same information, with additional exposure instance details included in this format. Exposure instance information can include port numbers, protocols used, security risk nature, or reason for the risk.
  • Users can select the checkbox located in the left corner of each instance to send multiple security risk instances to the issue tracker.
  • Two filters, asset (asset URL) and exposure issue (security risk category), are provided for this purpose. 
  • To gain further insights into a particular security risk category, users can click on the corresponding exposure issue. As with the list layout, this will redirect the user to the security risk screen.

What information is provided under the detailed view of security risks?

NVADR uses pre-defined categories to identify and list security risk instances, and each of these categories is explained in detail under the list of security risks module. The identified security risk categories are all listed on the left-hand side of the screen for easy access.

Each category is explained with the following:

  • Summary: Description of Security Risk by NVADR
  • Recommendation: Suggested fix/best practices for patching these Security Risks.
  • Reference: Suggested readings for the Security Risk.