ThreadFix 3.X Infrastructure Features Overview

You will learn

An overview of some of the new network vulnerability features and capabilities in ThreadFix 3.0.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 15 minutes
Tools required: None

Login

Once ThreadFix has completed startup, log in to ThreadFix with the default credentials: username "user" and password "password".

It’s important to change the username and password from the defaults provided during installation.

Dashboard

The default dashboard has 6 reports in a responsive design built to accommodate a wide range of screen sizes. In future versions of the application, the reports will be customizable, with user-selectable placement and filter sets, and additional reports will be made available over time. The 6 launch-day reports are:

ThreadFix’s 6 Launch-day Reports

Vulnerability Trending

A trend graph of vulnerability counts over the last 6 months, indicating by severity how many vulnerabilities have been open in the system.

Vulnerability Activity

This shows a total current count of vulnerabilities open in the system, how many have been newly created in the last 30 days, and how many have been remediated in the past 30 days.

Operating System

The Operating System report shows asset distribution by operating system family.

Most Vulnerable Networks

A list of defined networks which have the most total Critical and High vulnerabilities, with each vulnerability severity count displayed.

Most Vulnerable Hosts

A list of which assets have the greatest number of currently open Critical and High vulnerabilities with each vulnerability severity count.

Top 10 CVE Vulnerabilities

A list of the most prevalent Common Vulnerabilities and Exposures (CVE) across the portfolio.

 

Network

The Network list page lets you define the networks within the environment and shows each network's total current asset and vulnerability counts. Before uploading scans, define some networks that represent the environment. Click the Add New button, on the upper right, to get started.

To view the Network list, click on Infrastructure from the Navigation sidebar and select Network.

Network details can be defined on this page. The IP Ranges section builds the network's list of IPs from any combination of CIDR blocks, inclusive ranges given as a starting and ending IP address, and individual IP addresses. Each of those entries can be designated as representing "Static" assets (meaning assets with IP addresses that remain constant) or "Dynamic" assets (meaning assets that are assigned IP addresses dynamically over time).

Scans

Scan files can be uploaded once networks have been created as desired.

  1. Click Scans on the navigation sidebar to upload the first scan file. Click the Upload Scan button and a modal will pop up asking for a scan file.

  2. Drag and drop a scan file onto the pop-up modal, or click the Choose File button to browse to the file’s location. Once uploaded, the scan's progress can be tracked from the Scans Queued tab on the Scans page. Once the upload is completed, a message briefly appears at the top of the screen indicating that the upload was successful, and the scan will no longer be visible in the Scans Queued list. Instead, the scan will be listed on the Imported Scans tab.

Assets

Scan ingestion has many steps, but one of the important functions of a scan import is to identify which assets the provided scan file actually assessed. These assets will be created within ThreadFix as part of the scan ingestion process if they do not yet exist. The Asset Detail page shows trending data and current metrics for an individual asset.

To view the Assets page, expand the Infrastructure menu from the Navigation sidebar and select Assets.

 

The list of assets can be sorted by Machine Name, Last Scanned Date or Vulnerability Counts, or filtered by Hostname, Domain, IP Address or MAC Address. Click on an asset to view additional details for it.

Asset Options

Filters

Vulnerabilities can be filtered down to just the specific findings of interest. Clicking the Filters button on the upper right of the screen brings up the available filters. These include Date First Found, Port, CVE List, CVSS Range, and Status.

Audit

Vulnerability results can have their Severity or Status changed by clicking the Audit drop-down button and selecting the desired change(s).

Asset Management

An asset can be edited by clicking the Manage drop-down button and selecting Edit, or it can be archived or deleted by selecting the appropriate option.

Selecting Edit brings the user to the Edit Asset screen, where the details can be changed as desired and saved.

Integrations

Remote Providers

Remote Providers are an interface ThreadFix uses to import scans from SaaS platforms. To access Remote Providers, click on Infrastructure from the Navigation sidebar, click on the Integrations menu to expand it, and select Remote Providers.

Defect Trackers

ThreadFix interfaces with Defect Trackers to obtain current defect statuses, update, and export vulnerabilities. To access Defect Trackers, click on Infrastructure from the Navigation sidebar, click on the Integrations menu to expand it, and select Defect Trackers.

Currently ThreadFix supports Jira On Demand.

Customization

Scan Settings

ThreadFix allows users to restrict scan import results to active networks only. If enabled, ThreadFix will only ingest vulnerability data or create infrastructure assets if the asset IP address exists within a defined network on the Network List page. Enabling this takes effect on future scan imports. Assets not on a known network range in ThreadFix will not be removed; however, such orphaned assets will not have their vulnerabilities updated. New orphaned assets will not be created.

To access Scan Settings, click on Infrastructure from the Navigation sidebar, click on the Customize sub-menu to expand it, and select Scan Settings.
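
The following Python example is added here and is not ThreadFix's own code. It checks which host IPs from a scan fall inside networks defined with the three IP Ranges entry forms described under Network (CIDR, inclusive start-end range, single address), which is the condition the Scan Settings restriction depends on, so hosts that would be skipped can be spotted before the setting is enabled. The network names, addresses, the "start-end" text syntax and the function names are assumptions made for illustration, and every listed network is treated as active.

```python
import ipaddress

# Constructed sample networks (assumed names and addresses, not from ThreadFix).
NETWORKS = {
    "corp-servers": [("10.10.0.0/24", "Static")],
    "office-dhcp": [("192.168.50.100-192.168.50.200", "Dynamic")],
    "dmz": [("203.0.113.10", "Static"), ("203.0.113.32/28", "Static")],
}

def parse_entry(spec):
    """Return inclusive (first, last) bounds for a CIDR, 'start-end' range or single IP."""
    spec = spec.strip()
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        return net[0], net[-1]  # assumption: the whole block counts, edges included
    if "-" in spec:
        start, end = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"invalid range: {spec}")
        return start, end
    addr = ipaddress.ip_address(spec)
    return addr, addr

def match_network(ip, networks=NETWORKS):
    """Return (network name, Static/Dynamic) of the first entry containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    for name, entries in networks.items():
        for spec, kind in entries:
            first, last = parse_entry(spec)
            if first.version == addr.version and first <= addr <= last:
                return name, kind
    return None

def triage_scan_hosts(hosts, networks=NETWORKS):
    """Split scan hosts into those inside a defined network and those outside all of them."""
    in_scope, orphaned = {}, []
    for ip in hosts:
        hit = match_network(ip, networks)
        if hit:
            in_scope[ip] = hit
        else:
            orphaned.append(ip)
    return in_scope, orphaned

if __name__ == "__main__":
    # Constructed host list standing in for the IPs found in a scan file.
    scan_hosts = ["10.10.0.7", "192.168.50.200", "192.168.50.201", "203.0.113.40", "198.51.100.5"]
    in_scope, orphaned = triage_scan_hosts(scan_hosts)
    print("inside a defined network:", in_scope)
    print("outside every defined network:", orphaned)
```
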

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.