View Vulnerabilities from the CSM Desktop Client or CSM Browser Client
After you run the Tenable Vulnerability Export, view the vulnerabilities for more information.
Note: In rare cases, there may be instances where a vulnerability or
Plugin is present on a single Configuration Item (CI) more than once at the
same time via different ports or protocol.
This mApp® Solution limits the relationship between CIs and vulnerabilities based on unique Plugin ID; therefore, in an instance where a CI has the same vulnerability multiple times, CSM only reports on one of these instances. As a result, the reporting may show different counts in CSM versus Tenable.io for vulnerabilities per CI or Asset.
To view vulnerabilities in the Desktop Client or Browser Client:
- Open the Search Manager.
- From the Association drop-down list, select Event - Security.
- Select Open Security Events, and then select Run.
- Open any records associated with a vulnerability and you will
notice the following:
- The Source field on the Overview tab is set to Tenable.
- The Vulnerability Name is also the Event Name.
- The Details and Response Notes fields are details from Tenable regarding the vulnerability.
- The External Source ID field is the same as Plugin ID in Tenable.
- The Event Type field is set to Common Vulnerabilities and Exposures.
- The Event Severity field is the same as the Vulnerability Severity in Tenable.
- The Priority field is set to Low.
- The Vulnerability tab is visible and contains all details from Tenable regarding the vulnerability. All fields on this tab are read-only.
- The
Configuration Item tab shows the
Security Event Joins Configuration Item join
table details including the status of the vulnerability on each CI.
- Selecting the Jump button takes you to the join record where you can enter resolution details and mark the vulnerabilities resolved on the CI.
- The links under Actions allow you to jump to the Configuration Item record or back to the Security Event.
- On the Security Event record, you can create Incidents, Change Request, or Problems.
- On the Configuration Item records, the Security Events can be found on the Event tab.