Explore the Vulnerability Assessment Workspace

  • Release version: Yokohama
  • Updated January 30, 2025
  • 1 minute to read

    • The Vulnerability Assessment Workspace is designed for the Vulnerability event manager to perform exposure assessment, and proactively manage critical vulnerability events especially during the critical vulnerability events such as a zero-day event.

    After a critical vulnerability is identified, vulnerability event managers can assess the potential impact and risk associated with the vulnerability. The analysts can analyze the affected system, applications, or network components to understand the severity and possible attack vectors within the organization.

    The Vulnerability Assessment Workspace contains:

    Exposure Assessment page

    Provides detailed visibility into the assets exposed to vulnerabilities and vulnerable software. The Exposure assessment functionality provides:
    • Visibility into impacted assets for vulnerability and affected software
    • Ability to perform standalone assessments for a single CVE or vulnerable software
    • Visibility to impacted assets for CISA known exploited vulnerability CVEs
    • Visibility to exposure from additional discovery model and assets.
    • Ability to create vulnerable items

    Vulnerability Assessment page

    The Vulnerability Assessment page where you can handle vulnerability crisis events from assessment to resolution using the Vulnerability Crisis Management workflow. The workflow lets you track vulnerability events of interest, analyse risk associated with them, perform exposure assessment across multiple inventories (For e.g. Software Installations inventory) and declare it as a crisis for elevated response engagement. You can then associate the vulnerability assessment record to a major security incident and enable the security incident response team to respond to the crisis.

    • Create and modify vulnerability assessments for critical vulnerability events
    • Record key attributes of the vulnerability to calculate risk
    • Perform vulnerability assessment to determine exposure level and priority
    • Declare the vulnerability assessment as a critical event
    • Associate the vulnerability assessment to a major security incident by linking, proposing or promoting the vulnerability assessment to a major security incident.

    List page

    The List page comprises a library containing:
    • CVEs
    • TPEs
    • CWEs

    The following image shows you the Vulnerability Assessment Workspace home page.

    Vulnerability Assessment workspace