Vulnerability management
Which applications or code repos are vulnerable?
Requires at least one application scanner integration such as Veracode or WhiteHat.
Find (Application|CodeRepo) as app that has (Finding|Vulnerability) as vuln
return
app._type, app.displayName,
vuln._type, vuln.displayName, vuln.severity, vuln.numericSeverity
Which systems/instances are vulnerable?
Requires enabling an AWS Inspector, GuardDuty, Tenable or similar integration.
Find (Host|Workload|DataStore) as system
that has (Finding|Vulnerability) as vuln
return
system._type, system.displayName,
vuln._type, vuln.displayName, vuln.severity, vuln.numericSeverity
What open vulnerabilities do I have?
Find (Finding|Vulnerability) with open=true
This is best viewed in the Alerts app under the Open Findings tab.
What vulnerabilities are suppressed/resolved/marked as exception?
Similarly, you can query for vulnerability findings that are resolved, suppressed or marked as an exception:
Find (Finding|Vulnerability)
with open=false or suppressed=true or exception=true
Do I have proper vendor support for my software applications?
Requires integration with Okta, OneLogin or a similar SSO identity provider.
This returns data that is derived from an SSO application:
Find Application as app that
CONNECTS Account that RELATES TO Vendor as v
return app.displayName as app, v.name as vendor, v.linkToSLA, v.linkToMSA
Or in a more generic way:
Find Application that RELATES TO (Vendor|Account)
Return all applications that do not have a vendor or vendor account associated:
Find Application that !RELATES TO (Vendor|Account)
Are all system images updated in the past six months?
Find images that have been updated within 6 months:
Find Image with createdOn > date.now - 6 months
Find images that have not been updated within 6 months:
Find Image with createdOn < date.now - 6 months
What are the approved server/system images?
Find private images or the ones that have been specifically approved:
Find Image with public=false or approved=true
Who are my vendors? Do I have a BAA/DPA/NDA/MSA and SLA/Support Agreement with them?
Find Vendor
This is best viewed in the Asset Inventory app by selecting the Vendor class from the quick filter.