Exposure Management - Exposures

Exposures presents a unified, centralized inventory of all security vulnerabilities (exposures) identified across your organization's environment—from various Ivanti scanners and integrated external tools. It facilitates efficient prioritization and remediation of exposures by consolidating information such as risk scores (VRR), affected assets, and source details

  • Exposure (CVE): Click the CVE to drill down into the detailed exposure profile.

  • Vulnerability Risk Rating: Use this score for immediate prioritization. Higher VRR means higher risk. For more information, see What is Vulnerability Risk Rating.

  • Impacted assets: Lists the assets affected by the CVE.

  • Last Discovered: Lists the assets based on the age of exposures detected.

  • Sources: Displays the tools, such as Ivanti Discovery, Crowdstrike, or Tenable, that contribute vulnerability data to the platform.

  • Exploitable: Highlights exposures with published exploit code, increasing risk.

  • Tags: Displays the tags, such as ransomware or public.

Filtering the exposures list

You can filter these exposure list columns:

  • Severity, such as high or critical.
  • Vector, such as data leaks or patching cadence.
  • Age, you can narrow down your search results by the age of exposures detected. You can use the following pre-set options for quick filtering:

    • Show all: Displays all data regardless of its age.

    • Greater than 3 days: Shows data older than 3 days.

    • Greater than 14 days: Shows data older than 14 days.

    • Greater than 30 days: Shows data older than 30 days.

    • Greater than 365 days: Shows data older than 365 days.

    Custom Range: For more specific filtering, select the Custom range option. This allows you to define a specific date range.

  • Status, such as open or closed. A closed status means the vulnerability was not detected.
  • Tags, such as ransomware or public.

Select the filter button Image showing a button that looks like a funnel on a column header to see its selectable filters. The column chooser button Image showing column chooser button to the left of the search field lets you select which columns are visible.

Use the Export button to export the exposures list to text (.csv). Any column filters you have applied will also apply to the export.

What is Vulnerability Risk Rating?

Vulnerability Risk Rating (VRR) considers industry-standard Common Vulnerability Scoring System (CVSS), Common Weakness Enumeration (CWE) data, OWASP (Open Web Application Security Project), open-source threat intelligence, subject matter expertise, trending information, and more. VRR represents the risk posed by a given vulnerability, provided as a numerical score between 0 and 10, to an organization or business. The higher the risk, the higher the VRR.

Use of Vulnerability Risk Ratings (VRR) in Vulnerability Management

To streamline and prioritize remediation efforts across our environment, we leverage Vulnerability Risk Ratings (VRR) as provided by the Ivanti platform. VRR is a numeric value ranging from 0.0 (lowest risk) to 10.0 (highest risk), reflecting the potential impact and exploitability of each vulnerability identified. The VRR is a dynamic rating based on various risk factors, including threat intelligence and vulnerability characteristics.

Within the platform, VRR values are prominently displayed in dashboards, asset inventories, and vulnerability reports. These ratings allow staff to efficiently sort and filter vulnerabilities, focusing attention and resources on the exposures that pose the highest risk to our assets and operations.

By incorporating VRR into our vulnerability management workflow, we ensure that critical issues are addressed promptly and risk is effectively reduced.