TOC & Recently Viewed

Recently Viewed Topics

Cumulative vs. Mitigated Vulnerabilities

SecurityCenter uses the scan definition, the results of the scan, the current state of the cumulative view, and authentication information to determine if a vulnerability is mitigated. To start, the vulnerability must be present in the cumulative view to be considered for mitigation. The import process then looks at each vulnerability in the import repository.

The vulnerability is identified as mitigated if:

  • The IP of the vulnerability was in the target list of the scan.
  • The plugin ID of the vulnerability was in the list of scanned plugins.
  • The port of the vulnerability was in the list of scanned ports.
  • The vulnerability with that IP/port/pluginID combination was not in the scan result.

The import process also verifies that authentication was successful before mitigating any local check vulnerabilities that meet the above criteria.

Note: Mitigation logic works with scans using policies defined by templates, advanced policies, and remediation scans.  These policies are set up to take advantage of this new mitigation logic.

Choose the new severity risk level to assign to the current vulnerability and the selected filter options (Repository, Targets, Ports, and Protocol). If any of the selected options are modified, they filter what vulnerabilities inherit the new risk rating. In addition, a comment can be added to describe why the risk is being recast.

Note: There can be a short delay between clicking on Submit and vulnerabilities showing the new risk. It may be necessary to reload the filters to view the applied changes.

To switch viewing mitigated or cumulative vulnerabilities:

  1. Log in to SecurityCenter as an organizational user with appropriate permissions. For more information, see User Roles.

  2. Click Analysis > Vulnerabilities.

    The Vulnerability Analysis page appears.

  3. In the upper-right corner, click the Options drop-down menu.
  4. Click Switch to Mitigated or Switch to Cumulative.

    The page updates to display data from the mitigated or cumulative vulnerability database:

    • The cumulative database contains current vulnerabilities, including those that have been recast, accepted, or mitigated and found vulnerable on rescan.

    • The mitigated database contains vulnerabilities that are no longer vulnerable based on current scan result information.

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.