
Security Risk Analysis

About the Data

Data Refresh Frequency: Updated daily at 1:00 pm UTC

Displays Data for: All open violations (regardless of the date they were opened) and resolved violations on or after January 1, 2024. For new installations, data will be visible within a week after the first scan.

To view historical data (generated before January 1, 2024) version 188 or higher is required.

Minimum Requirements: Applications must be scanned at least once after upgrading to version 184. The dashboard currently shows data related to violations and remediations that are discovered after the upgrade to version 184.

Overview

The Security Risk Analysis (SRA) dashboard provides visibility into the number of violations in your applications and the time it takes to remediate them (MTTR). The threat levels of the policy violations, in conjunction with the number of violations, give comprehensive insight into the overall security risk existing in your applications. This information is crucial for making informed decisions to improve application security.

Based on this data (for example, if MTTR is within acceptable limits), you can set the policy actions for the related Lifecycle policies to Warn rather than Fail, to avoid blocking production releases. You can assess the pending violations and the associated threat levels to prioritize your remediation strategy.

A deeper analysis into the MTTR can reveal the effectiveness of your remediation strategy. It can be used to gain an understanding of your response processes in addressing the highest risk against the most common vulnerabilities found in the open-source components used in your applications.

The SRA dashboard simplifies the identification of policy violations by grouping them under the Top 5 categories of:

  • Applications with most risk

  • Components with most risk

  • Common Vulnerabilities that exist in your applications (CVEs)

  • Common Weaknesses in your applications that can lead to vulnerabilities (CWEs)

By analyzing the Top 10 Violations Fixed, you can assess the effectiveness of your remediation strategy over the selected time period.

Using the SRA dashboard, you can develop a targeted remediation approach and define a plan that maintains a low security risk profile and assists in passing compliance checks that strictly restrict critical vulnerabilities.

Get to Know Your Security Risk Analysis Dashboard

The interactive dashboard provides multiple filter options to view the security risks in your applications. You can filter on date range, organization, application, application category, policy threat level, stage, violation type, security policy name, component type and remediation status.

Violation Types available for filtering are Legacy Violations and Non-Legacy Violations.

Remediation Statuses available for filtering are fixed, open and waived.

Stages available for filtering are release, stage-release, build, compliance and source. The build stage is selected by default.

Daily Open Violation Counts


The Daily Open Violation Counts chart displays the number of non-waived violations present each day across all applications matching the selected filters. Open violations are broken out by threat level.

This chart does not include violations that are discovered and remediated on the same day.

Mean Time to Remediate


The Mean Time to Remediate chart displays the mean time taken in days to remediate violations on a month-by-month basis. Remediating violations includes changing the component versions (by upgrading, downgrading, removing the component or fixing the vulnerability) or applying waivers.

How Quick Remediation Affects Daily Open Violation Counts

The Daily Open Violations Count chart shows the number of violations whose status is open at the end of each 24-hour period. If a violation is detected and remediated within the same 24-hour period, it is not included in the Daily Open Violation Counts.
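The two counting rules described above (a violation is counted only if it is still open at the end of a day, and same-day remediations never appear; MTTR is the mean detection-to-remediation time per month) as an added, self-contained example that is not part of the original page or of IQ Server. The records are constructed, and grouping MTTR by the month in which the remediation happened is an assumption.

```python
from datetime import date, timedelta
from statistics import mean

# Constructed sample: (violation id, date detected, date remediated or None).
# "Remediated" covers a version change, removal or waiver, as the page defines it.
VIOLATIONS = [
    ("v1", date(2024, 1, 10), date(2024, 1, 10)),  # fixed the same day: never counted as open
    ("v2", date(2024, 1, 10), date(2024, 1, 13)),  # open at the end of three days
    ("v3", date(2024, 1, 11), None),               # still open
    ("v4", date(2024, 1, 12), date(2024, 2, 11)),  # open 30 days, remediated in February
]


def daily_open_counts(violations, start, end):
    """Number of violations still open at the end of each day in [start, end].

    A violation is open on `day` if it was detected on or before `day` and had
    not been remediated by the end of that day; one detected and remediated on
    the same day therefore never contributes, matching the dashboard rule.
    """
    counts = {}
    day = start
    while day <= end:
        counts[day] = sum(
            1 for _, opened, closed in violations
            if opened <= day and (closed is None or closed > day)
        )
        day += timedelta(days=1)
    return counts


def mttr_by_month(violations):
    """Mean days from detection to remediation, keyed by (year, month) of remediation.

    Grouping by the remediation month is an assumption made for this example.
    """
    days_by_month = {}
    for _, opened, closed in violations:
        if closed is None:
            continue  # open violations have no remediation time yet
        key = (closed.year, closed.month)
        days_by_month.setdefault(key, []).append((closed - opened).days)
    return {month: mean(days) for month, days in days_by_month.items()}


if __name__ == "__main__":
    for day, n in daily_open_counts(VIOLATIONS, date(2024, 1, 10), date(2024, 1, 13)).items():
        print(day, "open:", n)
    print("MTTR by month:", mttr_by_month(VIOLATIONS))
```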

Fix Rate


The Fix Rate chart displays the percentage of violations resolved during the selected time period. Fixing violations includes changing the component version (by upgrading, downgrading, removing the component or fixing the vulnerability).

Violations Over Time


The Violations Over Time chart displays the number of violations (open, waived or both) as they exist on the last day of each month.

How Does Waiving and Fixing Violations Affect the Monthly Count

The Violations Over Time chart shows the number of violations for each status (open, waived, open + waived) at the end of each month. The examples below describe different scenarios:

  • If a violation was waived on Jan 20, 2024, the corresponding waiver expired on Feb 20, 2024, and it was not fixed, it is counted as 1 waived violation in January (it was waived as of Jan 31) and 1 open violation in February (it was open as of Feb 29).

  • If a violation was waived on Jan 20, 2024, and was fixed on Feb 20, 2024, it is counted as 1 waived violation in January (it was waived as of Jan 31) and does not contribute to the counts for February.

  • If a violation was waived on Jan 20, 2024, and is still active (not fixed and waiver not expired), it is counted as 1 waived violation for each month.
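The month-end status rule behind the three scenarios above, as an added example that is not part of the original page or of IQ Server. The three records are constructed to mirror the scenarios; treating a violation as no longer waived at the end of its waiver's expiry date, and as gone at the end of the day it was fixed, are assumptions of this example.

```python
import calendar
from datetime import date

# Constructed sample, one record per scenario on the page:
# (id, detected, waived_on, waiver_expires, fixed_on); None means "not applicable".
VIOLATIONS = [
    ("waiver-expired", date(2024, 1, 5), date(2024, 1, 20), date(2024, 2, 20), None),
    ("fixed-in-feb",   date(2024, 1, 5), date(2024, 1, 20), None,              date(2024, 2, 20)),
    ("still-waived",   date(2024, 1, 5), date(2024, 1, 20), None,              None),
]


def status_on(violation, day):
    """Status of a violation as of the end of `day`: 'open', 'waived', or None if not present.

    Assumptions: a fix dated `day` already removes the violation from that day's
    count, and a waiver expiring on `day` no longer covers the violation that day.
    """
    _, detected, waived_on, waiver_expires, fixed_on = violation
    if detected > day or (fixed_on is not None and fixed_on <= day):
        return None
    waived = (
        waived_on is not None
        and waived_on <= day
        and (waiver_expires is None or waiver_expires > day)
    )
    return "waived" if waived else "open"


def month_end_counts(violations, year, month):
    """Counts of open, waived and open + waived violations on the last day of the month."""
    last_day = date(year, month, calendar.monthrange(year, month)[1])
    counts = {"open": 0, "waived": 0}
    for violation in violations:
        status = status_on(violation, last_day)
        if status is not None:
            counts[status] += 1
    counts["open + waived"] = counts["open"] + counts["waived"]
    return counts


if __name__ == "__main__":
    for month in (1, 2):
        print(calendar.month_name[month], month_end_counts(VIOLATIONS, 2024, month))
```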

Remediation of Critical and Other Violations

The Critical Violations: Remediation Reason chart shows a breakdown of the number of critical violations that are open, waived, and fixed (by implementing a version change to a non-violating version of the component or removing the component).

The All Other Violations: Remediation Reason chart shows a breakdown of the number of all other violations (excluding criticals) that are open, waived, and fixed (by implementing a version change to a non-violating component or removing the component).

Top Ten Violations Fixed

The chart displays the fixed and pending violations for the 10 most frequently occurring vulnerabilities (based on the number of applications they occur in).

The distribution of the top ten violations that were fixed in the various applications gives an insight into the existing security risk. Since these Top 10 vulnerabilities occur in many applications, remediating them has high impact. This chart shows how complete those remediation efforts are. The blue bars show the count of successfully remediated vulnerability instances and the pink bars show the remediation work remaining.

Click on the CVEs on the X-axis to view the detailed description of the vulnerability. Ensure that the base URL is configured for your instance of IQ Server to view the vulnerability details. You may observe a change in the severity for a given CVE; this is due to a change over time in the CVSS score associated with the CVE.

Top 5: Applications with Most Risk

The chart displays the number of vulnerabilities and the associated threat levels for the 5 applications that have the most total risk. Any business critical applications on this list are good targets for focused risk reduction efforts.

The top 5 ranking of the Applications with Most Risk is determined by the combination of the threat levels and the number of vulnerabilities. There could be scenarios where an application has a higher number of vulnerabilities but is not shown at a higher risk in the Top 5 rankings. This is because of the lower threat levels associated with its vulnerabilities.

Top 5: Most Common Vulnerabilities


The chart displays the vulnerabilities in your applications and is color coded by threat level. By determining the most commonly occurring vulnerabilities across your applications, you can direct your remediation efforts towards these vulnerabilities and reduce the risk efficiently. The number of applications displayed here shows the distinct count of the applications containing the vulnerability.

The top 5 ranking of the Most Common Vulnerabilities is determined by the combination of the number of vulnerabilities and the number of applications they impact. There could be scenarios where a vulnerability affects a higher number of applications but is not shown higher in the Top 5 rankings. This can happen if the vulnerability occurs in many applications but some of those occurrences have lower-severity impact.

Click on the CVEs on the Y-axis to view the detailed description of the vulnerability. Ensure that the base URL is configured for your instance of IQ Server to view the vulnerability details.

Top 5: Components with Most Risk


The chart displays the 5 most commonly implicated components along with the associated threat levels. You can target remediation of "critical" and "severe" threat levels to optimize the remediation or risk reduction tasks.

The top 5 ranking of the Components with Most Risk is determined by the combination of the number of vulnerabilities and the number of applications they impact. There could be scenarios where a component affects a higher number of applications but is not shown higher in the Top 5 rankings. This is because the chart counts the applications impacted under every threat level the component's vulnerabilities carried as their CVSS scores changed over the time period.

Top 5: CWEs


The chart displays the 5 most commonly found cataloged CWEs and the number of affected applications. You can remediate risks based on the weakness taxonomy, and the number of applications affected, by crafting a targeted approach that focuses on certain weakness types.

The top 5 ranking of the CWEs is determined by the combination of the number of CWEs and the number of applications they impact. There could be scenarios where a weakness affects a higher number of applications but is not shown higher in the Top 5 rankings. This can happen if the weakness occurs in many applications but some of those occurrences have lower-severity impact.

Click on the CWEs on the Y-axis to view the detailed description on cwe.mitre.org.

NOTE: "Ø" indicates that no CWE has been officially assigned to the vulnerability because it is new or uncategorized.

Vulnerability Register


This table shows a list of all vulnerabilities found in the latest application scans.

NOTE: Due to limitations of the data visualization platform, this table can show 5,000 rows only. This also applies to the exported data.

Table columns:

Vulnerability ID: The published vulnerability identifier.

Policy Threat: Assigned threat level.

CVSS Score: User-assigned CVSS score, or the default.

Application Count: Number of applications impacted.

Component Count: Number of components implicated by the vulnerability.

Open Violation Total: Total number of open (not remediated) violations due to the vulnerability.

Waived Violation Total: Total number of violations due to the vulnerability that are waived.

Fixed Total: Total number of component fixes (upgrade/downgrade/removal) implemented to remediate the vulnerability.

Troubleshooting

Problem

Clicking on the browser Refresh button may give you the following error:

A message is displayed stating that an error occurred loading the Data Insight.

Solution

From the page where you see this error, click the Back button on your browser to return to the Enterprise Reporting landing page. Select the dashboard you want to view to reload the visualizations.

To refresh the page, click on the refresh icon on the top right, instead of the Refresh button on your browser.


Problem

No data visible on the dashboard or any other issues with the dashboard.

Solution

Contact support and provide the cluster_id, if visible.

The cluster_id is located at the bottom of the dashboard.