Get Started

Getting Started

Deploy

Onboard and Manage Accounts

Amazon Web Services (AWS)

Google Cloud Platform (GCP)

Microsoft Azure

Oracle Cloud Infrastructure (OCI)

Additional Providers

Collect and Integrate Data

Harvesting & Event-Driven Harvesting

Integrations

Understand Data

Visibility & Reporting

Inventory

Query Filters & Insights

Manage and Act on Data

Bots & Automation

Infrastructure as Code (IaC) Security

Cloud IAM Governance

Vulnerability Management

Workload Security

Manage System Settings

InsightCloudSec System Configuration

Developer Resources

APIs

Support

Reviewing and Managing Vulnerabilities

The Vulnerabilities page provides a focused view of the impact vulnerabilities have on your environments that are connected to InsightCloudSec, including:

Search functionality and filtering to narrow the list of resources to only the most critical or vulnerable
Comprehensive assessment and visibility including:
- All detected vulnerabilities plus CVSS score, Active Risk score, and number of impacted resources
- All software plus their number of vulnerabilities and impacted resources
- All containers and instances that are affected by a vulnerability, plus the scanned artifact and last scanned time
Recommended solutions for each vulnerability as software and OSS version updates
Actions and automation that trigger alerts, ticketing, remediation workflows, and data exports
Assessment coverage and health monitoring to identify any errors or access issues impacting feature operations

Explore Vulnerabilities

In InsightCloudSec, navigate to Security > Vulnerabilities to start viewing high risk vulnerabilities and their impact on your environment.

Filter

The Vulnerabilities feature includes filtering functionality to effectively narrow the scope of and navigate the data.

Filter Containers or Instances

You can use the Resource Type filter to only display Containers or Instances

Add Filter

Filtering allows for narrowing the scope of the resources list using properties like cloud accounts, clusters, resource groups, etc. Some things to note about filtering behavior:

Each selected filter updates dynamically with options appropriate for the property selected.
After selecting an initial property, click + Add Filter to add an additional filter and further narrow the scope.
If filtering on a Resource Tag:
- Searching for a tag is case insensitive.
- New tags are harvested every 12 hours by the ResourceTypeTrigramsProcess background job (see System Settings for more information).

To add a filter:

Click the Add Filters button to open the side panel.
Select and configure a property to get started.
After configuring your desired filters, click Apply to update the scope for the feature.

Save Filters (Optional)

After Adding a Filter, you can save it so that it can easily be reused the next time you access the feature. Saved filters are feature-specific (since options vary between features), i.e., a saved filter in Feature "A" will only be available in Feature "A" and will not be available in Feature "B".

To save a filter:

Once filter(s) have been applied, ensure the filters list is expanded by clicking the arrow (>)
Click the ellipsis (...) button, then click Save Filter.
Provide a name for the filter and an optional description.
Select the checkbox for Set as Default Filter to set this filter as the default for the feature.
Select the checkbox for Make this a Public Filter to allow other users to see the filter.
Click OK.

Once a filter has been successfully saved, it can be accessed (along with other saved filters) or edited from the same ellipsis menu.

Data Display

The display presents all of the data analyzed within the Vulnerabilities feature as well as the total number of scanned vulnerabilities, software, and resources, but this value will update to reflect the number of items scoped by any configured filters. Details of the data reflected here are explored in the Frequently Asked Questions (FAQ). The data display is split across three tabs: Vulnerabilities, Software, and Resources. When combined with filtering, these scoping capabilities enable you to quickly navigate to specific areas that you want to evaluate for risk. There is some common functionality across the tabs:

Search - Type into the search bar and the data will automatically filter to match the criteria.
Download (Vulnerabilities and Resources tabs only) - To save a copy of the data, click Download next to the search bar and select either CSV or JSON. The file will be prepared in the background until it is ready to be downloaded by your web browser. If the file preparation takes longer than 10 minutes, it will time out, so it's best to narrow the scope prior to downloading.
Column Sort - To sort the data by a particular column, click the column header.

Vulnerabilities

Feature	Description
Active Risk	The assessed risk value (0-1000) for the particular vulnerability based on internal InsightCloudSec calculations A shield designates that the CVE has known exploits Crosshairs designate that the CVE has been actively exploited in the wild
CVSS Score	The CVSS score given to the particular vulnerability.
CVE ID	The unique ID for the vulnerability. Click the CVE ID to open the Vulnerability Details blade
Impacted Resources	The total number of resources affected by the vulnerability. Click the number to reveal additional actions: View Resource(s) Risk - Pivot to Layered Context with the results filtered to the impacted resources View Resource(s) Scan List - Pivot to the Resources tab (within Vulnerabilities) with the results filtered to the impacted resources
First Detected	The date the vulnerability was first detected in your environment
Last Detected	The date the vulnerability was last detected in your environment
Action	Offers a context menu with various options, including viewing vulnerability details or viewing impacted resources in Layered Context or the Resources tab

Software

Feature	Description
Show Software without Vulnerabilities	Select the checkbox to include software that does not have any vulnerabilities in the table
Active Risk	The assessed risk value (0-1000) for the particular software based on internal InsightCloudSec calculations A shield designates that the CVE has known exploits Crosshairs designate that the CVE has been actively exploited in the wild
Vulnerabilities	A summary of the Vulnerability findings for the software. Point to the value with your cursor to expose a detailed summary
Type	The type of software (language, operating system, or package)
Technology	The technology associated with the software type
Software	The name of the software. Click the Name to open the Software Details blade
Version	The version of the software as of the last assessment
Impacted Resources	The number of resources using the software
Last Detected	The date the software version was last detected
Action	Offers a context menu with various options, including viewing software details or view impacted resources in Layered Context or the Resources tab

Resources

Feature	Description
Vulnerabilities	A summary of the Vulnerability findings for the resource. Point to the value with your cursor to expose a detailed summary
Type	The type of resource (Instance or Container)
OS Platform	The Operating System (OS) Platform that the host or container is using.
Resource	The name of the resource. Click the Resource Name to open the Resource Properties blade.
Image ID	The ID for the image associated with the resource. If the resource is related to a container, the Image ID will also include a `sha256` hash. See the Vulnerabilities FAQ for details.
Cloud Account	The name, type, and ID of the Account the resource is associated with
Last Scanned	The time the resource was last scanned
Action	Offers a context menu with various options, including viewing resource details, triggering a reassessment scan of the resource, or downloading the resource’s data or vulnerabilities

Sample Use Cases

Assessing the Impact of a Specific Vulnerability

Navigate to Security > Vulnerabilities > Vulnerabilities.
Using the search or filters capability, search for a particular CVE ID.
Click the Action menu (...) and click View Resource(s) Scan List.

The Resources tab will load and be automatically filtered to only include the selected vulnerability. From this point, you could filter on a particular resource type (host instance or container) to narrow your focus and download the result set.

Assessing a Zero-Day Vulnerability

Often when a zero-day vulnerability occurs, there is no CVE and the best way to determine surface area is a search by software and version. In these scenarios, you can focus on a specific software (like log4j) and see the impact of that software across your environment.

Navigate to Security > Vulnerabilities > Software.
Using the filters capability, add the Software Name contains condition and add the name as the condition value (e.g., log4j).
Click Apply. The Software tab will load and be automatically filtered to only include software with a name containing the value you specified.
Navigate to the particular software of focus and click the Software Name to open the Software Details blade. The default tab for this blade is Resources, where you can see all of the resources that currently are associated with this software.

From this point, you could download the result set or utilize Query Filters and Insights to take action on the result set.

Did this page help you?

Vulnerability Management

Configuring Container Vulnerability Assessment (CVA)

Workload Security

Kubernetes Automated Agent Deployment