Add Vulnerability
You can add a vulnerability from anywhere on the CFTR UI. To add a vulnerability:
On the top banner area of the CFTR UI, click the + New button and select Vulnerability. New Vulnerability tab appears.
In the Title field, enter a title for the vulnerability. The vulnerability title can be viewed in the Vulnerabilities listing page with the unique ID (for example, #VUL123).
Under the Summary section, enter the details of the vulnerability. The fields marked with an asterisk (*) are mandatory fields.
Field Name
Description
Description
Enter a description that best describes the key details of the vulnerability.
Sources*
Select the reporting sources for the vulnerability. Some of the suggested sources are:
Qualys
Nessus
Manual
N-map
Note: Your CFTR admin can create other source values under Form Management for vulnerabilities from the Admin Panel.
Risk*
Select a risk level for the vulnerability. This can help in grouping vulnerabilities based on risk. The suggested risks are:
Very Low
Low
Medium
High
Very High
Scan Date
Enter the scan date on which the vulnerability was found.
Publish Date
Enter the publish date on which the vulnerability was published.
Last Updated
Enter the last updated date of the vulnerability.
Vulnerability Type
Select the vulnerability types from the drop down list. Some of the suggested values are:
Configuration Issue
Denial of Service
Local Exploit
Privilege Escalation
Remote Exploit
Network Vulnerability
Mobile Application Vulnerability
Web Application Vulnerability
Note: Your CFTR admin can create other vulnerability types under Form Management for vulnerabilities from the Admin Panel
Privileges Required
Select a level that indicates the privileges required for handling the vulnerability. Some of the suggested values are:
Minimal
Medium
High
None
Note: Your CFTR admin can create other privilage values under Form Management for vulnerabilities from the Admin Panel
CVEs
Enter the Common Vulnerability Exposure (CVE) number for the vulnerability.
User Interaction Required
Specify if user interaction is required or not. Select Yes and No.
CVSS Score
Enter the CVSS score of the vulnerability. The Common Vulnerability Scoring System (CVSS) presents a way to capture key characteristics of a vulnerability and add a numerical score indicating its severity.
CIA Impact
Select an impact value for Vulnerability. Suggested impacts are:
Confidentiality
Integrity
Availability
Note: Your CFTR admin can create other CIA Impact values under Form Management for vulnerabilities from the Admin Panel
Custom Risk Score
Enter a Custom Risk Score for the vulnerability. This value can be used internally to reflect the real risk the vulnerability could pose to your organization. Enter a numerical score value in this text field.
Vulnerability ID
Enter the vulnerability ID.
Remediation Owner
Enter the name of the task owner who is responsible for implementing remediation actions for the vulnerability. You can choose from the available list of users.
Priority
Select a priority level for the vulnerability. This can help in grouping vulnerabilities based on priority. The priority levels are:
Very Low
Low
Medium
High
Very High
Target Remediation Date
Enter a target date for providing remediation.
On the right panel, from the Labels drop-down list, select the labels.
Click Submit.
The fields under the Summary section may differ based on the fields configured by your CFTR admin under Form management for vulnerabilities from the Admin Panel.