This topic explains how to create a query to vulnerabilities through the Organization module. This query displays information such as the category and the status of vulnerabilities found in technology assets that were analyzed in risk projects, which allows analysts to check how long a vulnerability has been left untreated. The results always display the most recent information on the assets queried in the risk projects in which they were analyzed.
For details on analyzing vulnerabilities identified in technology assets through risk projects, see Chapter 5: Risk -> Risk Management Projects.
1. Access the Organization module.
2. Select List Queries from the Queries section.
3. In the Organizational Queries section, click Create.
4. Select the Risk Metrics option and click Analyzed Vulnerabilities from the drop-down list that appears (see figure below).
The system displays the Scope step in the wizard for creating queries, where the assets and perimeters from which information will be obtained can be selected (see figure below).
5. Click Add to Scope to select the assets and perimeters to be included in the scope.
The system displays a list containing the objects registered in the Organization module.
6.
Click Expand (
) to view the full organization
structure.
7. Select the objects you want to include in the scope by marking the checkboxes next to each and clicking Add to Scope. If you want to quit the operation, click Cancel (see figure below).
8. To remove an item from the scope, mark the checkbox next to it and click Remove from Scope.
9. When finished, click Proceed to continue creating the query. If you want to run the query, click Generate Query. If you want to quit the operation, click Cancel.
When Proceed is clicked, the system displays the Filters step in the wizard for creating the query, where the filters to be used can be selected, which will reduce the information used to display the results (see figure below).
10. In the Filters section, select an option to filter the scope of the query (see figure below).
Note: Selecting a filter indicates that only the vulnerabilities meeting the criteria set in the filters selected will be displayed in the query results. For example, if you filter the query by a certain vulnerability type (Information Gathered, Potential Vulnerability, or Vulnerability), only vulnerabilities of that type will be displayed in the results.
The filter options for this type of query include: event status, asset, processing date, date sent to treatment, risk status, category, vulnerability level, type of vulnerability, vulnerability.
11. Depending on the filter option selected, mark the checkboxes next to the objects to be added to the filter or click Add to Filter to select the objects that will be used to filter the scope of the query (see figure below). Note that the options available vary depending on the type of filter you choose.
12. After selecting the filters, click Proceed to continue creating the query. If you want to generate the query, click Generate Query. If you want to cancel query creation, click Cancel. To return to the previous step at any point during this wizard, click Back.
When Proceed is clicked, the system displays the Columns step, where the columns to be displayed in the query results can be selected (see figure below).
13. Select the columns you want to include in the query by marking the checkboxes next to each. By default, the system will show some pre-selected options that can be removed, while others are required columns. To remove non-required columns from the results of the query, unmark the checkbox next to each column name. To include more columns in the results, select the options that are not pre-selected by default.
14. Click Proceed to continue creating the query. If you want to generate the query, click Generate Query. If you want to cancel query creation, click Cancel. To return to the previous step at any point during this wizard, click Back.
When Proceed is clicked, the system displays the Audience step, where you can select which people and groups will be able to view the query in the Home module and in this module, if they have permission to access it (see figure below).
15. Click Add Audience and select People or Groups to add them.
16. If, for example, you selected People, select the people to be added and click Add People (see figure below). If you want to quit the operation, click Cancel.
The system displays the people selected.
17. To remove people or groups from the audience, mark the checkboxes next to their names and click Remove Audience.
The system requests confirmation to remove the people or groups from the audience (see figure below).
18. Click Remove Audience to confirm. If you want to quit the operation, click Cancel.
The system removes the people selected from the audience.
19. Click Proceed to continue creating the query. If you want to generate the query, click Generate Query. If you want to cancel query creation, click Cancel. To return to the previous step, click Back.
When Proceed is clicked, the system displays the Editors step, where you can select which people and groups will be able to edit the query, receiving the same permissions to it as the author (see figure below).
20. Click Add Editors and select People or Groups to add them to the list of editors.
21. If, for example, you selected People, select the people to be added and click Add People (see figure below).
The system displays the people selected.
22. To remove people or groups from the list of editors, mark the checkboxes next to their names and click Remove Editors.
The system requests confirmation to remove the people or groups from the list of editors (see figure below).
23. Click Remove Editors to confirm. If you want to quit the operation, click Cancel.
The system removes the people selected from the list of editors.
24. Click Proceed or Generate Query to run the query. If you want to cancel query creation, click Cancel. To return to the previous step, click Back.
When Proceed is clicked, the system displays the results of the query according to what was selected in the previous steps (see figure below).
25. Click Save to save the query data. If you do not want to save the query, click Cancel. To return to the previous step, click Back.
When Save is clicked, the system displays a window where a name and description for the query can be entered (see figure below).
26. In the Name field, enter a name to identify the purpose and reach of the query.
27. In the Description field, enter the main characteristics of the query.
28. When finished, click Save Query. If you want to quit the operation, click Cancel.
The system displays a success message.