Security Risk Analysis
About the Data
Data Refresh Frequency: Updated daily at 1:00 pm UTC
Displays Data for: For new installations, data will be visible within a week after the first scan.
Minimum Requirements: Applications must be scanned at least once, after upgrade to version 184.
Overview
The Security Risk Analysis (SRA) dashboard provides visibility into the number of violations and the time it takes to remediate (MTTR) them in your applications. The threat levels of the policy violations in conjunction with the number of violations gives a comprehensive insight into the overall security risk existing in your applications. This information is crucial for making informed decisions to improve application security.
Based on this data (e.g. if MTTR is within acceptable limits,) you can set the policy actions for the related Lifecycle policies to Warn versus Fail, to prevent blocking production releases. You can assess the pending violations and the associated threat levels to prioritize your remediation strategy.
A deeper analysis into the MTTR can reveal the effectiveness of your remediation strategy. It can be used to gain an understanding of your response processes in addressing the highest risk against the most common vulnerabilities found in the open-source components used in your applications.
The SRA dashboard simplifies the identification of policy violations by grouping them under the Top 5 categories of:
Applications with most risk
Components with most risk
Common Vulnerabilities that exist in your applications (CVEs)
Common Weaknesses in your applications that can lead to vulnerabilities (CWEs)
By analyzing the The Top 10 Violations Fixed, you can assess the effectiveness of your remediation strategy over the selected time period.
Using the SRA dashboard, you can develop a targeted remediation approach and define a plan that maintains a low-risk security risk profile and assists in passing compliance checks that strictly restrict critical vulnerabilities.
Get to Know Your Security Risk Analysis Dashboard
The interactive dashboard provides multiple filter options to view the security risks in your applications. You can filter on date range, organization, application, application category, policy threat level, security policy name, stage, and component type.
Stages available for filtering are release, stage-release, build, compliance and source. The build stage is selected by default.
Daily Open Violation Counts
The Daily Open Violation Counts chart displays the number of violations detected each day for each threat level.
Mean Time to Remediate
The Mean Time to Remediate chart displays the time taken in days to remediate violations on a month-by-month basis. Remediating violations includes changing the component versions (by upgrading, downgrading, removing the component or fixing the vulnerability) or applying waivers.
Remediation Reason: Critical Violations chart shows a breakdown of the number of critical violations remediated (by upgrading, downgrading, removing the component or fixing the vulnerability), and applying waivers.
The Remediation Reason: All Other Violations chart shows a breakdown of the number of all other violations (excluding criticals) remediated by changing the component version and applying waivers.
The Open Violation Count
How Quick Remediation Affects Daily Open Violation Counts
The Daily Open Violations Count chart shows the number of violations with status open at the end of 24 hour time period. If a violation is detected and has been remediated within the 24 hr time period, it will not be included in the Daily Open Violation Counts.
Top Ten Violations Fixed
The chart displays the fixed and pending violations for the top 10 vulnerabilities found in your applications.
The distribution of the top ten violations that were fixed in the various applications gives an insight into the existing security risk. Fixing a violation includes component version changes and waivers.
Click on the CVEs on the X-axis to view the detailed description of the vulnerability. Ensure that the base url is configured for your instance of IQ Server to view the vulnerability details.
You may observe a change in the severity for a given CVE. This is due to the change in the CVSS score that associated with the CVE, over the course of time.
Top 5: Applications with Most Risk
The chart displays the no. of vulnerabilities and the associated threat levels for the top 5 applications. You can focus remediation efforts on these high risk applications to reduce the existing risk.
The top 5 ranking of the Applications with Most Risk is determined by the combination of the threat levels and the number of vulnerabilities. There could be scenarios where the number of vulnerabilities are higher, but the application is not shown at a higher risk, in the the Top 5 rankings. This is because of the lower threat levels associated with the vulnerabilities.
Top 5: Most Common Vulnerabilities
The chart displays the vulnerabilities in your applications and is color coded by threat level. By determining the most commonly occurring vulnerabilities across your applications, you can direct your remediation efforts towards these vulnerabilities and reduce the risk efficiently. The number of applications displayed here shows the distinct count of the applications containing the vulnerability.
The top 5 ranking of the Most Common Vulnerabilities is determined by the combination of the number of vulnerabilities and impacts on the number of applications. There could be scenarios where the number of applications are higher, but the vulnerability is not shown higher in the the Top 5 rankings. This is because the chart shows the number of applications that have been impacted by all threat levels that were associated due to changes of CVSS over the time period.
Click on the CVEs on the Y-axis to view the detailed description of the vulnerability. Ensure that the base url is configured for your instance of IQ Server to view the vulnerability details.
Top 5: Components with Most Risk
The chart displays the 5 most commonly implicated components along with the associated threat levels. You can target remediation of "critical" and "severe" threat levels to optimize the remediation tasks.
The top 5 ranking of the Components with Most Risk is determined by the combination of the number of vulnerabilities and impacts on the number of applications. There could be scenarios where the number of applications are higher, but the component is not shown higher in the the Top 5 rankings. This is because the chart shows the number of applications that have been impacted by all threat levels that were associated due to changes of CVSS over the time period.
Top 5: CWEs
The chart displays the 5 most commonly found cataloged CWEs and the number affected applications. You can remediate risks based on the weakness taxonomy, and the number of applications affected, by crafting a targeted approach.
The top 5 ranking of the CWEs is determined by the combination of the number of CWEs and impacts on the number of applications. There could be scenarios where the number of applications are higher, but the vulnerability is not shown higher in the the Top 5 rankings. This is because the chart shows the number of applications that have been impacted by all threat levels that were associated due to changes of CWEs over the time period.
Click on the CWEs on the Y-axis to view the detailed description on cwe.mitre.org
Vulnerability Register
This table shows a list of all vulnerabilities found in the latest application scans.
Table column | Description |
---|---|
Vulnerability ID | The published vulnerability identifier |
Policy Threat | Assigned threat level |
CVSS Score | User assigned CVSS score or default |
Application Count | Number of applications impacted |
Component Count | Number of components implicated by the vulnerability |
Open Violation Total | Total number of open violations (which are not remediated) due to the vulnerability |
Waived Violation Total | Total number of violations due to the vulnerability that are waived, but still are a risk |
Version Change Total | Total number of component version changes (upgrade/downgrade) implemented to remediate the vulnerability. |
Troubleshooting
Problem
Clicking on the browser Refresh button may give you the following error:
Solution
Click the Back button on your browser, from the page where you see this error, to back to the Landing page Data Insights. Select the dashboard you want to view, to reload the visualizations.
To refresh the page, click on the refresh icon on the top right, instead of the Refresh button on your browser.
Problem
No data visible on the dashboard or any other issues with the dashboard.
Solution
Contact support and provide the cluster_id if visible.
cluster_id is located at the bottom of the dashboard.