Active View - Vulnerabilities
Overview
Fortra VM Active View provides a comprehensive, aggregate health assessment of your environment. It helps you identify your vulnerabilities and optimize remediation resources.
The Active View System Health Vulnerabilities page is the central location for managing vulnerabilities that Fortra VM discovers in your environment.
Viewing vulnerabilities
You can toggle the view between Grouped by vulnerability (default) or Show all instances when viewing vulnerabilities on this page (see 3 in the Vulnerabilities page components table).
Selecting Group by vulnerability lists vulnerabilities by Vulnerability Dictionary ID, vulnerability title, vulnerability class (Explicit, Malware, etc.), Fortra VM severity, NVD severity, PCI severity, and hidden. For example, vulnerabilities set to hidden (More > Set hidden) will appear as a separate entry:
Additionally, although rarer, differences in NVD severity over time may result in separate entries in the Grouped by vulnerability view. For example, an NVD entry may have recently been updated by NIST to include a CVSS 3.1 score, whereas previously, it contained a CVSS 2.0 score. This change in scoring can change the NVD severity from Medium to High and may also affect the PCI severity.
Scanning your assets regularly will ensure that your Active View contains the most recent changes to the vulnerabilities detected.
Vulnerabilities page components
| Ref. | Description |
|---|---|
| 1 | Actions you can take with selected vulnerabilities:
|
| 2 | Options for searching your vulnerabilities. See related: Find Information in Fortra VM |
| 3 | Toggles the list by Show all instances or Group by vulnerability. |
| 4 | Sorts the list. |
| 5 | A list of vulnerabilities in your environment. Depending on your selected view, the list includes Severity level, description, status, ports, protocols, services, and the number of instances (indicates if there are recent changes in the number of vulnerabilities). NOTE: By default, the list shows vulnerabilities grouped by vulnerability. |
| 6 | The abbreviated vulnerability description and suggested solutions (appears when you select a vulnerability name).
In the vulnerability description, select the Vulnerability Details ID number to see complete details about the vulnerability and view the assets it affects. NOTE: If viewing individual vulnerability instances, the abbreviated description also gives you specific Instance Data and allows you to add notes and manage labels. |
| 7 | Set Vulnerabilities Hidden
Removes an vulnerability from view without deleting its historical data. This option is ideal when you want to keep the vulnerability’s history but exclude it from visibility. Use this option to also mark a vulnerability as a false positive. When a vulnerability is hidden, its ranking will not be calculated into the Security GPA. To use this option, select one or more vulnerabilities and then select More > Set hidden. In the Set Vulnerabilities Hidden dialog, select True to see options for hiding the vulnerability. If your organization has confirmed the vulnerability is not found in your environment, select False positive to hide the vulnerability and share this information with Fortra to improve future detection logic for this vulnerability. You can choose to either Hide this instance only or Hide this and future instances. Both options will remove the vulnerability from view and from the Security GPA calculation, but if you select Hide this instance only and the vulnerability appears in a future scan, it will appear again in Active View. This may be desirable if the vulnerability is not important for your organization currently, but you want to review it again in the future.
|
| 8 | Set Acceptable Risk Marking a vulnerability as an acceptable risk indicates that you understand the risk that the vulnerability poses, but you cannot or will not fix it. This hides the vulnerability from Active View, but the vulnerability will still factor into the Security GPA. |
