Exposure detection and evidence certainty describes how conclusively evidence shows that a company is exposed to or has mitigated a vulnerability.
Evidence examples are non-exhaustive; they may not apply to or be available for all vulnerabilities in our catalog.
Detection | |||
Exposure | Mitigation | ||
Certainty | Possible |
Exposure Possible The evidence generally indicates that the company in question is unprotected from a threat. Evidence Examples:
|
Mitigation Possible The evidence generally indicates that the company in question is protected from a threat. Evidence Example: Non-vulnerable records found |
Likely |
Exposure Likely The evidence specifically indicates that the company in question is unprotected from a threat. Evidence Examples:
|
Mitigation Likely The evidence specifically indicates that the company in question is protected from a threat. Evidence Example: Long time since detection |
|
Confirmed |
Exposure Confirmed The evidence confirms that the company is unprotected from a threat. Evidence Examples:
|
Mitigation Confirmed The evidence confirms that the company is protected from a threat. Evidence Example: Patching records found |
Exposure Detection
Exposure detection indicates a company’s current status to being exposed to a vulnerability. Use this to assess immediate risk and prioritize your remediation efforts.
- Exposure
-
Vulnerabilities were detected within the last 60 days and may actively be impacting the company.
Slug name:
currently
orEXPOSED
- Mitigation
-
Vulnerabilities were detected more than 60 days ago. There’s evidence of mitigation or there’s no evidence of exposure in the past 60 days.
Slug name:
previously
Evidence Certainty
A measure of how certain we are about a company's detection status.
- Possible
-
The evidence generally indicates that the company in question is or is not protected from a threat.
Slug name:
POSSIBLE
- Likely
-
The evidence specifically indicates that the company in question is or is not protected from a threat.
Slug name:
LIKELY
- Confirmed
-
The evidence confirms that the company is or is not protected from a threat.
Slug name:
CONFIRMED
- November 15, 2024: Evidence certainty slug names.
- October 17, 2024: Added slug names for exposure detection values in the API.
- February 8, 2024: Added descriptions of each evidence certainty type.
Feedback
0 comments
Please sign in to leave a comment.