View Patching Cadence findings from the Findings Table or Rating Details.
Findings Table
Field | Description | Filters | ||
---|---|---|---|---|
Assets |
The Assets section in the Details tab of the findings sheet. |
No | ||
Asset | The IP address or domain that identifies the asset. | Text search. | ||
Asset Importance/ Calculated Importance (Details tab of findings sheet) |
Asset importance is either user-assigned or is estimated based on the amount of system usage, ability to submit information, and the presence of special certificates. | Yes | ||
Assigned To | The user assigned to remediate the finding. | Yes | ||
Attributed To | The subsidiary or subsidiaries in the Ratings Tree that are attributed to the finding. | Yes | ||
Comments | The Comments section of the Details tab in the finding sheet contains finding comments, which can be used for discussions, providing a way to describe the status of resolution or validity of findings to external stakeholders and other interested parties. | No | ||
Country | The country where IP addresses attributed to the finding are hosted. | No | ||
Details |
The name of the vulnerability. Click on the finding to get a description. More details are available in the Details section [Findings Sheet ➔ Details Tab ➔ Details Section]. |
No | ||
Confirmed Vulnerabilities | A card [Findings Sheet ➔ Details Tab ➔ Details Section] containing the names, severities, and descriptions of confirmed vulnerabilities. | No | ||
Description | A description of the vulnerability. | No | ||
Name | The name of the vulnerability. | Vulnerability | ||
Severity | The vulnerability severity. | Vulnerability Severity:
|
||
Dates Observed |
A card [Findings Sheet ➔ Details Tab ➔ Details Section] containing observation date details. The National Vulnerability Database (NVD) has a “Published Date,” which is when the vulnerability was officially announced. This is different from the “First Seen” and “Last Seen” fields of Patching Cadence findings. |
No | ||
First Seen | The earliest observation date when a system in the company's infrastructure was observed to be affected by the vulnerability. |
|
||
Last Seen | The most recent date that the vulnerability was observed to affect the system in question. |
|
||
Duration❖ | Number of days beginning when the compromised system or patching cadence finding was first observed and ending on the latest observation date or date of remediation (patching cadence only). |
|
||
Remediation Status❖ | Indicates if a vulnerability is remediated. See vulnerability duration for more information. | Yes | ||
Vulnerability❖ | The vulnerability name, as logged in the National Vulnerability Database (NVD). |
|
||
Vulnerability Details | A card [Findings Sheet ➔ Details Tab ➔ Details Section] containing vulnerability details. | No | ||
CDN Script Source Paths | No | |||
HTML Sample | A sample of the HTML content. | No | ||
Page Title | The title of the web page. | No | ||
Request URL | The web page URL. | No | ||
Software Version | The software version. | No | ||
Finding Identifier | The IP address or domain that identifies the asset. | Yes | ||
Finding Severity | Finding severity is the measured risk that the finding introduces. |
|
||
Grade | The finding grade. This is not applicable to Patching Cadence and is displayed as N/A. | Yes | ||
Impacts Risk Vector Grade | Indicates if the finding influences the risk vector grade. | See values. | ||
IP Attributions | The IP Attributions section [Findings Sheet ➔ Details Tab ➔ IP Attributions Section] containing attribution reasons. | No | ||
Attribution Info | The reason for attribution. | No | ||
CIDR | The associated CIDR. | No | ||
DNS Hostname | The associated hostname. | No | ||
Refresh | The finding refresh status. | Refresh status. | ||
Remaining Lifetime | The projected number of days that a finding will continue to impact risk vector grading (finding lifetime). This is a projection that assumes nothing changes in the future and a finding is not updated with new information. It may change if a finding is updated. | The # of days. | ||
Remediations | The Remediations section [Findings Sheet ➔ Details Tab ➔ Remediations Section] containing remediation details. | No | ||
Details | The name of the finding. | No | ||
Issue |
A description of the finding. You can also click on the vulnerability name in the Details column to quickly see the issue. |
No | ||
Remediation Instructions❖ (Remediation Tip) |
How to resolve a negative finding. See Verifying That a Finding Is Remediated. | No | ||
Remediation Status | The remediation status. | Patching Cadence: Remediated? | ||
Risk Vector | The risk vector. | Yes | ||
Status Updated | The date when the “Remediation Status” or “Assigned To” fields were last changed. |
|
Additional Findings Table Filters
Filter | Values |
---|---|
File Sharing Category | Not applicable for Patching Cadence. |
Infection Family | Not applicable for Patching Cadence. |
Pass / Fail Test | Not applicable for Patching Cadence. |
Tag |
|
Rating Details Page
The Rating Details page includes a graph that shows the number of vulnerabilities experienced per month, along with the average resolution time for the month.
- A higher bubble indicates a longer average resolution timespan for that month.
- Larger bubbles indicate there were more unpatched vulnerabilities observed during that time period.
- January 15, 2025: N/A clarification.
- October 29, 2024: Findings Table navigation instructions moved from Risks to a new Findings section in the menu; Rating Details navigation instructions for the SPM app moved from Risks to Organization.
- January 19, 2024: Navigation instructions by application.
- March 3, 2023: Added Duration field; Filter on Remediated findings.
Feedback
0 comments
Please sign in to leave a comment.