This topic explains how to create a query to vulnerabilities through the Risk module. This query displays information such as the category and the vulnerabilities found in technology assets that were analyzed in risk projects, which allows analysts to check how long a vulnerability has been left untreated. The results always display the most recent analysis data for each asset. This means that if the same asset is analyzed in more than one project, its analysis results will only display the risk indicators obtained from the latest closed vulnerability analysis. Information from other projects will not be included in these results.
For details on analyzing vulnerabilities identified in technology assets through risk projects, see Chapter 5: Risk -> Risk Management Projects.
1. Access the Risk module.
2. Select List Queries from the Queries section.
3. In the Project Queries section, click Create.
4. Click the Risk Metrics option and select Analyzed Vulnerabilities from the drop-down list that appears (see figure below).
The system displays the Scope step in the wizard for creating queries, where the projects from which information will be obtained can be selected (see figure below).
5. Click Add to Scope to select the projects to be included in the scope.
The system displays a list containing all the open or closed risk management projects registered in the system. Cancelled projects will not be listed.
6. Select the projects you want to include in the scope by marking the checkboxes next to each and clicking Add to Scope (see figure below). If you want to quit the operation, click Cancel.
7. To remove an item from the scope, mark the checkbox next to it and click Remove from Scope.
8. When finished, click Proceed to continue creating the query. If you want to run the query, click Generate Query. If you want to quit the operation, click Cancel.
When Proceed is clicked, the system displays the Filters step in the wizard for creating the query, where the filters to be used can be selected, which will reduce the information used to display the results (see figure below).
Note: Selecting a filter indicates that only the vulnerabilities meeting the criteria set in the filters selected will be considered in the query results. For example, if you filter the query by a certain vulnerability type (Information Gathered, Potential Vulnerability, or Vulnerability), only vulnerabilities of that type will be displayed.
9. Select the filter you want to use by clicking the filter options displayed on the left (see figure below).
10. Select the objects to be added to the filter (see figure below). The options will vary according to the type of filter.
11. After selecting the filters, click Proceed to continue creating the query. If you want to generate the query, click Generate Query. If you want to cancel query creation, click Cancel. To return to the previous step at any point during this wizard, click Back.
When Proceed is clicked, the system displays the Columns step, where the columns to be displayed in the query results can be selected (see figure below).
12. Select the columns you want to include in the query by marking the checkboxes next to each. By default, the system will show some pre-selected options that can be removed, while others are required columns. To include or remove optional columns in the results, simply mark or unmark the checkboxes next to their names.
13. Click Proceed to continue creating the query. If you want to generate the query, click Generate Query. If you want to cancel query creation, click Cancel. To return to the previous step at any point during this wizard, click Back.
When Proceed is clicked, the system displays the Audience step, where you can select which people and groups will be able to view the query in the Home module and in this module, if they have permission to access it (see figure below).
14. Click Add Audience and select People or Groups to add them.
15. If, for example, you selected People, select the people to be added and click Add People (see figure below). If you want to quit the operation, click Cancel.
The system displays the people selected.
16. To remove people or groups from the audience, mark the checkboxes next to their names and click Remove Audience.
The system requests confirmation to remove the people or groups from the audience (see figure below).
17. Click Remove Audience to confirm. If you want to quit the operation, click Cancel.
The system removes the people selected from the audience.
18. Click Proceed to continue creating the query. If you want to generate the query, click Generate Query. If you want to cancel query creation, click Cancel. To return to the previous step, click Back.
When Proceed is clicked, the system displays the Editors step, where you can select which people and groups will be able to edit the query, receiving the same permissions to it as the author (see figure below).
19. Click Add Editors and select People or Groups to add them to the list of editors.
20. If, for example, you selected People, select the people to be added and click Add People (see figure below).
The system displays the people selected.
21. To remove people or groups from the list of editors, mark the checkboxes next to their names and click Remove Editors.
The system requests confirmation to remove the people or groups from the list of editors (see figure below).
22. Click Remove Editors to confirm. If you want to quit the operation, click Cancel.
The system removes the people selected from the list of editors.
23. Click Proceed or Generate Query to run the query. If you want to cancel query creation, click Cancel. To return to the previous step, click Back.
When Proceed is clicked, the system displays the results of the query according to what was selected in the previous steps (see figure below).
24. Click Save to save the query data. If you do not want to save the query, click Cancel. To return to the previous step, click Back.
When Save is clicked, the system displays a window where a name and description for the query can be entered (see figure below).
25. In the Name field, enter a name to identify the purpose and reach of the query using up to 50 characters.
26. In the Description field, enter the main characteristics of the query using up to 4,000 characters.
27. When finished, click Save Query. If you want to quit the operation, click Cancel.
The system displays a success message.