Viewing Vulnerabilities

Vulnerability Visualization provides a textual or graphical representation of the vulnerabilities of selected destination systems. Vulnerabilities for the selected destination IPs can be seen for the current time or for the time of the selected events.

Vulnerability Visualization requires that a vulnerability collector is running and adding vulnerability scan information to the Sentinel database. The Novell web site (http://support.novell.com/products/sentinel/collectors.html) provides Collectors for several industry-standard vulnerability scanners, and additional vulnerability collectors can be written using Collector Builder.

NOTE: Vulnerability Collectors are distinct from Event Collectors and use different commands.

There are several Vulnerability Visualization views:

The HTML view is a report view that lists relevant fields, depending on which vulnerability scanner you have.

The graphical display is a rendering of vulnerabilities that links them to an event through common ports. The four available views are Organic, Hierarchical, Circular, and Orthogonal.

In the graphical display there are four panels. They are:

The graph panel associates vulnerabilities with a port/protocol combination of a resource (IP address). For example, if a resource has five unique port/protocol combinations that are vulnerable, there will be five nodes attached to that resource. The resources are grouped together under the scanner that scanned them and reported the vulnerabilities. If two different scanners are used (ISS and Nessus), there will be two independent scanner nodes, each with its own associated vulnerabilities.

NOTE: Event mapping takes place only between the selected events and the vulnerability data returned.

The tree panel organizes data in the same hierarchy as the graph. The tree panel also allows users to hide or show nodes at any level in the hierarchy.

The control panel exposes all the functionality available in the display. This includes:

The Details/Events panel has two tabs. In the Details tab, clicking a node displays the node's details. In the Events tab, clicking an event associated with a node displays it in tabular form, as in a Real Time or Event Query window.
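The grouping used by the graph and tree panels (scanner, then resource IP, then port/protocol node, then vulnerabilities) and the mapping of selected events through common ports can be sketched as follows. This is an added example, not Sentinel code; the record field names, the sample findings and the choice to match on protocol as well as port are assumptions.

```python
from collections import defaultdict

# Constructed sample data. Field names are assumptions, not Sentinel's schema.
SCAN_RECORDS = [
    {"scanner": "Nessus", "ip": "10.0.0.5", "port": 443, "proto": "tcp", "vuln": "sample-finding-A"},
    {"scanner": "Nessus", "ip": "10.0.0.5", "port": 443, "proto": "tcp", "vuln": "sample-finding-B"},
    {"scanner": "Nessus", "ip": "10.0.0.5", "port": 22, "proto": "tcp", "vuln": "sample-finding-C"},
    {"scanner": "ISS", "ip": "10.0.0.5", "port": 443, "proto": "tcp", "vuln": "sample-finding-D"},
    {"scanner": "ISS", "ip": "10.0.0.9", "port": 161, "proto": "udp", "vuln": "sample-finding-E"},
]
SELECTED_EVENTS = [
    {"id": "evt-1", "dest_ip": "10.0.0.5", "dest_port": 443, "proto": "tcp"},
    {"id": "evt-2", "dest_ip": "10.0.0.9", "dest_port": 80, "proto": "tcp"},
]


def build_graph(records):
    """Group findings as scanner -> resource IP -> (port, protocol) -> [vulns]."""
    graph = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
    for rec in records:
        node = (rec["port"], rec["proto"])
        graph[rec["scanner"]][rec["ip"]][node].append(rec["vuln"])
    return graph


def map_events(graph, events):
    """Link each selected event to nodes sharing its destination IP and port.

    Matching on protocol as well as port is an assumption of this sketch.
    """
    links = []
    for ev in events:
        node = (ev["dest_port"], ev["proto"])
        for scanner, resources in graph.items():
            vulns = resources.get(ev["dest_ip"], {}).get(node)
            if vulns:
                links.append((ev["id"], scanner, ev["dest_ip"], node, tuple(vulns)))
    return links


if __name__ == "__main__":
    g = build_graph(SCAN_RECORDS)
    for scanner, resources in g.items():
        for ip, nodes in resources.items():
            print(scanner, ip, dict(nodes))
    for link in map_events(g, SELECTED_EVENTS):
        print("event link:", link)
```

An event whose destination port has no scanned vulnerability (evt-2 here) produces no link, which is why a selected event can be absent from the graph even when its destination IP was scanned.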

To run a Vulnerability Visualization:

  1. In a Real Time Event Table of the Visual Navigator or Snapshot, right-click an event or a series of selected events and click:

  2. At the bottom of the vulnerability results window, click on either:

  3. (For Event to Vulnerability Graph) Within the display, you can: