📙 You will learn
How to create filters for vulnerabilities.
Prerequisites
Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately15 minutes
Tools required: N/A
To utilize policies in a workflow, users must first define and save filters for the policies. In this example, we will create a filter to only show vulnerabilities that are open and not false positives.
Creating a Filter
To create Filters first expand the Application menu on the Navigation sidebar. Click to expand the Customize sub-menu and select the Filters page.
Filters can also be created in the Application Details page on the right of the vulnerability tree as well as in the Team Details page, and the Analytics page under the Trending, Snapshot, Remediation, and Vulnerability Search tabs.
To create this example filter, at a minimum, the name field must be filled out before clicking the Save button to save the filter.
Note the many available options and details available when creating filters found under the Vulnerability Detail section.
Once the filter is saved it can be applied to an application in the Application Details page under the Load Filters tab to the right of the vulnerability tree. From the drop-down menu select the newly created filter and it will be automatically applied.
Note the applied filters.
Filters can also be created or edited from this section of the application’s details page under the Filters tab.
Note: If a filter is created from a team’s details page or an application’s details page the filter will have a default scope of that team or application. To make a filter that can be applied to multiple teams and applications, please use the Manage Filter page described above or the Vulnerability Search tab in Analytics.
Filtering Details
Scope
Teams - Input field that allows users to include any desired teams into the report
Applications - Input field that allows users to include any desired applications into the report
Unique ID - Input field for a unique ID which is an alternate identification name for an application createad by the user.
Tag - Input field allowing users to include any desired created tags that have been associated to an application into the report.
Vulnerability Detail - Checkboxes divided into two categories, Severity and Other. The Severity options can be selected to include the desired vulnerability severity levels into the report, ranging from the most severe level of Critical down to the least severe level of Unassigned. The Other options provided vary from the following:
Total - Providing a total count of vulnerabilities
Old - Based on vulnerabilities identified and have remained open since the last scan
New - Based on vulnerabilities that have recently been identified in the most recent scan
Resurfaced - Based on vulnerabilities that were closed by have been reopened
Closed - Vulnerabilities that have been resolved and marked as closed
Hidden - Vulnerabilities that have been chosen to be hidden by the user. Note though hidden, these are still ingested unless they have been set to be excluded per-scanner.
Time - Users can select from available preset ranges of time such as Last Quarter, Last Year, or Forever. Also available is a calendar select input field allowing for a custom range of time to be set.
Create Filters - Alternate Method
To create a new filter from an application’s details page clear any applied filters with the clear button under the Filters tab, select the desired fields to be applied and under the Save Current Filter field name the new filter and select apply.
To modify an existing filter select the desired filter under the Load Filters tab (the selected filter will be applied when selected), then select the Filters tab and make the desired changes to the applied filter and select apply. This will edit the saved filter to the newly selected filter parameters.
Creating and editing filters from the Team Details page and the Analytics page under the Trending, Snapshot, Remediation, and Vulnerability Search tabs follow the same work flow described above.