The Vulnerability section is designed for monitoring the statistics of vulnerability scan results.
- Statistics on unique scanned hosts with vulnerabilities of various criticality levels
- Statistics by vulnerability types
- Dynamics by vulnerability types
- Top hosts by number of vulnerabilities
- Top most common vulnerabilities
- Vulnerability statistics by CVE type
- Event statistics with details by vulnerable hosts
- Event statistics with details by vulnerabilities
- Vulnerabilities: Overview
- Vulnerabilities: Scanned Host Profile
- Vulnerabilities: Vulnerable Host Profile
The section uses the data source fields described below. Alias used: sm_cs_vulnerability_indexes.

Field Name | Value |
---|---|
event.kind | event |
event.category | vulnerability |

Field Name | Value |
---|---|
vulnerability.enumeration | Type of vulnerability classification (CVE, etc.). |
vulnerability.id | Identifier of the vulnerability within the classification. |
vulnerability.classification | Vulnerability danger scoring system (CVSS, etc.). |
vulnerability.score.base | Degree of vulnerability danger (0-10). |
vulnerability.score.version | Version of the scoring system. |
vulnerability.severity | Importance level of the vulnerability (critical, high, medium, low, none). |

Field Name | Value |
---|---|
host.ip | IP address of the host where the vulnerability was detected. |
host.name | Name of the host where the vulnerability was detected. |

Field Name | Value |
---|---|
event.original | Original event text. |

Dictionaries are not applied.
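
The following added example (not part of the product or its documentation) shows how the fields above support the listed statistics: it filters constructed sample events on the documented filter fields and value ranges, then computes unique hosts per severity, top hosts, and top vulnerabilities. The helper names, the placeholder CVE ids and hosts, and the choice to count each host/vulnerability pair once across repeat scans are assumptions.

```python
from collections import Counter, defaultdict

SEVERITIES = ("critical", "high", "medium", "low", "none")

def make_event(host, vuln_id, severity, score, **overrides):
    """Build a constructed sample event using the documented flat field names."""
    event = {"event.kind": "event", "event.category": "vulnerability",
             "vulnerability.enumeration": "CVE", "vulnerability.id": vuln_id,
             "vulnerability.classification": "CVSS",
             "vulnerability.score.base": score, "vulnerability.severity": severity,
             "host.name": host}
    event.update(overrides)
    return event

# Constructed sample data: placeholder CVE ids and host names, not real findings.
EVENTS = [
    make_event("web-01", "CVE-0000-0001", "critical", 9.8),
    make_event("web-01", "CVE-0000-0002", "medium", 5.3),
    make_event("db-01", "CVE-0000-0001", "critical", 9.8),
    make_event("web-01", "CVE-0000-0001", "critical", 9.8),  # repeat scan, same finding
    make_event("db-01", "CVE-0000-0004", "high", 8.1, **{"event.category": "network"}),
    make_event("db-01", "CVE-0000-0005", "critical", 11.0),  # score outside 0-10
    make_event(None, "CVE-0000-0003", "low", 3.1, **{"host.ip": "192.0.2.30"}),
]

def is_valid(event):
    """Filter fields must match; score and severity must be in the documented ranges."""
    score = event.get("vulnerability.score.base")
    return (event.get("event.kind") == "event"
            and event.get("event.category") == "vulnerability"
            and isinstance(score, (int, float)) and 0 <= score <= 10
            and event.get("vulnerability.severity") in SEVERITIES
            and bool(event.get("vulnerability.id"))
            and bool(event.get("host.name") or event.get("host.ip")))

def summarize(events, top_n=3):
    """Unique hosts per severity, top hosts and top vulnerabilities."""
    hosts_by_severity, findings, rejected = defaultdict(set), set(), 0
    for event in events:
        if not is_valid(event):
            rejected += 1  # malformed or out-of-scope events are counted, not dropped silently
            continue
        host = event.get("host.name") or event.get("host.ip")
        hosts_by_severity[event["vulnerability.severity"]].add(host)
        findings.add((host, event["vulnerability.id"]))  # assumption: count each pair once
    ordered = sorted(findings)  # deterministic order for ties
    return {"unique_hosts_by_severity": {s: len(h) for s, h in hosts_by_severity.items()},
            "top_hosts": Counter(h for h, _ in ordered).most_common(top_n),
            "top_vulnerabilities": Counter(v for _, v in ordered).most_common(top_n),
            "rejected": rejected}
```

A non-zero `rejected` count is worth tracking alongside the other statistics, since events that fail the filter or range checks would otherwise be missing from every panel without notice.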