Create Vulnerability elements

You can create custom Vulnerability elements to associate Situations with vulnerabilities that are not included in the default Vulnerability elements.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Expand the Other Elements > Situations branch of the element tree.
  3. Right-click the By Vulnerability branch in the tree view and select New > Vulnerability.
  4. Give the Vulnerability a descriptive name and optionally a comment.
    The Comment is not shown in the Logs view. Use the Description field to enter information to be shown in the logs.
  5. To create a reference to external vulnerability information, select one or more reference systems in the Reference System section and enter the ID this vulnerability has in that system:
    • Mitre: vulnerability ID format is CVE-YYYY-XXXX
    • SecurityFocus: vulnerability ID format is BID-XXXXX
    • Microsoft: vulnerability ID format is MSYY-XXX
    • Us-Cert: vulnerability ID format is TAYY-XXXX
  6. After you have entered the vulnerability ID, click Show next to the ID field to view the information about the vulnerability in the reference system.
  7. Type or copy-paste a short description of what the vulnerability is about into the Description field.
  8. Under Situations, browse to the correct Situation elements, select them (one or several at a time) and click Add to associate them with this Vulnerability.
    The selected Situations are added to the Content field on the right.
  9. When you are finished adding Situations, click OK.
    The selected Situations are now associated with this vulnerability, and a link to this Vulnerability is added on the Situations’ properties dialog box.

Vulnerability Properties dialog box

Use this dialog box to define the properties of a Vulnerability element.

Option Definition
Name Specifies a unique name for the element.
Comment An optional comment for your own reference.
Reference systems To create a reference to external vulnerability information, select one or more reference systems. The vulnerability ID format for each type is:
  • Mitre — CVE-YYYY-XXXX
  • SecurityFocus — BID-XXXXX
  • Microsoft — MSYY-XXX
  • US-Cert — TAYY-XXXX
Click Show next to the reference to go the vulnerability information website.
Description Provides a text entry for a more detailed description of the vulnerability.
Resources pane Use this pane to create and add Situation elements to the vulnerability.
Search Opens a search field for the selected element list.
Up Returns to the previous folder.
New Creates a user-defined Situation.
Tools Show Deleted Elements — Shows elements that have been moved to the Trash.
Content Shows the selected Situations.
Add Adds the selected Situations to the Contents list.
Remove Removes the selected Situations from the Contents list.