Cybral Storm Analyzer User Manual
  • Introduction
  • System Overview
  • How Storm Analyzer works?
  • Getting Started
  • Scan Settings
    • Configuration
    • Machines Status
    • Scans Logs
    • Custom Scan
  • Home
  • Network Topology
  • Network Vulnerabilities
  • Attack Paths Analysis
    • Critical Paths View
    • Critical Assets View
  • Remediation Planner
  • Search Vulnerabilities
  • Organization Settings
  • Conclusion
Powered by GitBook
On this page
  • Top-Level Metrics
  • Vulnerabilities / Scans Graph
  • EPSS Insights
  • Vulnerabilities Distribution
  • Date and Subnet Filters
  • Vulnerabilities Insights
  • EPSS vs. CVSS (Scatter Plot)

Network Vulnerabilities

PreviousNetwork TopologyNextAttack Paths Analysis

Last updated 5 months ago

The Network Vulnerabilities dashboard provides a comprehensive overview of the network’s security status, displaying essential metrics and insights to help users identify, analyze, and prioritize vulnerability management.

Top-Level Metrics

  • Displays a quick summary of critical vulnerability-related data:

    • Total Findings: The total count of all identified issues within the network (e.g., 79).

    • Total Misconfigurations: The number of configuration errors that could expose the network to risks (e.g., 26).

    • Total CVEs: The total count of vulnerabilities with known CVEs (Common Vulnerabilities and Exposures) present in the network (e.g., 53).

    • IP Addresses: The total number of unique IP addresses associated with the identified vulnerabilities (e.g., 21).

Vulnerabilities / Scans Graph

  • This line graph displays the trend of vulnerabilities identified over successive scans, helping users track changes in the network's security posture over time.

EPSS Insights

  • The EPSS (Exploit Prediction Scoring System) Insights chart offers a breakdown of vulnerabilities based on their probability of exploitation, as indicated by the EPSS score.

  • The chart displays how vulnerabilities (CVEs) are distributed based on their exploitation probability, showing the number of vulnerabilities at each probability level from 0% to 100%.

Vulnerabilities Distribution

  • This bar chart categorizes vulnerabilities by severity, using color-coded segments for Critical, High, Medium, and Low levels:

    • Critical: 4 vulnerabilities

    • High: 24 vulnerabilities

    • Medium: 14 vulnerabilities

    • Low: 11 vulnerabilities

Date and Subnet Filters

  • Users can filter the displayed data by History (date of scans) and Subnet, making it easy to view specific scans or focus on particular segments of the network.

Vulnerabilities Insights

  • Vulnerabilities Frequency (Pie Chart):

    • This pie chart shows the distribution of vulnerabilities within the network by their CVE identifiers. Each color represents a unique CVE, with the legend listing specific identifiers.

EPSS vs. CVSS (Scatter Plot)

  • EPSS vs. CVSS Chart:

    • This scatter plot displays vulnerabilities according to their EPSS and CVSS scores, where EPSS shows the probability of exploitation, and CVSS represents the severity level of each vulnerability.

    • The plot features labeled zones to assist with prioritization:

      • High Exploitability, Low Severity: Vulnerabilities with a high EPSS but low CVSS. These are often actively exploited and should be monitored despite their lower severity.

      • Prioritize: High EPSS and high CVSS scores indicate vulnerabilities that are both likely to be exploited and highly severe, requiring immediate attention.

      • Deprioritize: Low EPSS and low CVSS, meaning low risk of exploitation and low severity, making these less urgent.

      • Large Volume of High-Severity Vulnerability: High CVSS with a moderate EPSS indicates that, although the probability of exploitation is moderate, the potential impact would be significant if exploited.

When the user clicks on "Show Vulnerabilities" they are directed to a "Vulnerabilities List" page. This page provides a structured view of vulnerabilities identified within the system:

  • Date Selection: Users can select a specific date from the "History" dropdown to view vulnerabilities as of a certain date.

  • Search and Filter Options: There is a search bar for keyword-based filtering, as well as additional "Filter" and "Subnets" buttons to refine the displayed vulnerabilities further.

  • Resolved Vulnerabilities Toggle: Users can toggle to display resolved vulnerabilities, allowing them to focus only on current or historical data as needed.

  • Date Selection: Users can select a specific date from the "History" dropdown to view vulnerabilities as of a certain date.

  • Search and Filter Options: There is a search bar for keyword-based filtering, as well as additional "Filter" and "Subnets" buttons to refine the displayed vulnerabilities further.

  • Resolved Vulnerabilities Toggle: Users can toggle to display resolved vulnerabilities, allowing them to focus only on current or historical data as needed.

Table Columns:

  • CVE ID: Shows the unique identifier for each vulnerability.

  • Vulnerability: A brief description of each vulnerability.

  • IP Address: Lists the IP address associated with each vulnerability.

  • OS: Indicates the operating system version affected..

  • CVSS: Displays the severity level.

  • EPSS: Indicates the Exploit Prediction Scoring System level, with values like "Critical".

  • Port: Shows the port associated with the vulnerability.

  • Protocol: Indicates the protocol, here shown as "icmp."

  • First Seen: The date the vulnerability was first detected.

  • Tag: Users can assign tags to vulnerabilities for categorization and easier tracking.

When the user clicks the "View" button on a vulnerability entry, they are directed to the "Vulnerability Details" page. This page provides an in-depth overview of a specific vulnerability:

  • Vulnerability Information:

    • CVE ID: The unique identifier for the vulnerability (e.g., CVE-1999-0524).

    • Affected Asset(s): A list of IP addresses impacted by this vulnerability.

    • Description: A brief explanation of the vulnerability.

    • Scope (AV): This section indicates the scope of the attack vector.

  • Numerical Attributes:

    • CVSS and EPSS Scores: Displays the CVSS score (severity rating) and the EPSS score (score of exploitation).

    • Attribute Table: This section contains attributes associated with the vulnerability:

      • CVSS: Severity score on a scale of 10.

      • EPSS: Exploit Prediction Scoring System score, indicating the probability of exploitation.

      • Impact: Measures the impact of exploitation.

      • User Interaction: Indicates whether user interaction is required for exploitation.

      • Exploitability (C): Shows how easily the vulnerability can be exploited.

      • Privileges Required (PR): Indicates the privilege level needed to exploit the vulnerability.

  • Attack Vector (AV): Provides a brief note on the nature of the attack vector, explaining the type of access required for exploitation.

  • References:

    • A URL link is provided under "References" for further reading and verification. Users can copy the link easily by clicking the "Copy" button next to it.

  • Additional Options:

    • Network CVEs, Affected Software, Impact: Expandable sections on the right side of the screen. These provide more context or filters related to network vulnerabilities, software affected, and impact assessment.

Network Vulnerabilities page
Top Level Metrics
vulnerabilities/Scan Graph
EPSS Insights
vulnerabilities Distribution
Date and Subnet Filters
Vulnerabilities Frequency
EPSS Vs CVSS
Show Vulnerabilities
Vulnerabilities List
Vulnerabilities List
View Button
Vulnerability Information
Numerical Attributes
Attack Vector
References
Additional Options