Skip to main content

Vulnerability management

Which applications or code repos are vulnerable?

Requires at least one application scanner integration such as Veracode or WhiteHat.

Find (Application|CodeRepo) as app that has (Finding|Vulnerability) as vuln
app._type, app.displayName,
vuln._type, vuln.displayName, vuln.severity, vuln.numericSeverity

Which systems/instances are vulnerable?

Requires enabling AWS Inspector, GuardDuty, Tenable or similar integration.

Find (Host|Workload|DataStore) as system
that has (Finding|Vulnerability) as vuln
system._type, system.displayName,
vuln._type, vuln.displayName, vuln.severity, vuln.numericSeverity

What open vulnerabilities do I have?

Find (Finding|Vulnerability) with open=true

This is best viewed in the Alerts app under Open Findings tab.

What vulnerabilities are suppressed/resolved/marked as exception?

Similar, you can query for vulnerability findings that are resolved/suppressed or marked as exception:

Find (Finding|Vulnerability)
with open=false or suppressed=true or exception=true

Do I have proper vendor support for my software applications?

Requires integration with Okta or OneLogin or similar SSO identity provider.

This returns data that is derived from a SSO application:

Find Application as app that
CONNECTS Account that RELATES TO Vendor as v
return app.displayName as app, as vendor, v.linkToSLA, v.linkToMSA

Or in a more generic way:

Find Application that RELATES TO (Vendor|Account)

Returns all applications that does not have a vendor or vendor account associated:

Find Application that !RELATES TO (Vendor|Account)

Are all system images updated in the past six months?

Find images that have been updated within 6 months:

Find Image with createdOn > - 6 months

Find images that have not be updated within 6 months:

Find Image with createdOn < - 6 months

What are the approved server/system images?

Find private images or the ones that have been specifically approved:

Find Image with public=false or approved=true

Who are my vendors? Do I have a BAA/DPA/NDA/MSA and SLA/Support Agreement with them?

Find Vendor

This is best viewed in the Asset Inventory app by selecting the Vendor class from the quick filter.