Vulnerability Management

How to manage vulnerabilities that have been discovered.

Workflow

We have a four-step process that establishes a workflow for managing and remediating any issues that are discovered. The steps are:

  • New: This is the default status for a newly discovered issue.

  • Investigating: Set the issue's status to Investigating when you are researching it.

  • Confirmed: After an issue has been investigated and found to be a legitimate finding, it is confirmed.

  • Fixing: Finally, when an issue is being remediated, set it to Fixing.

We recommend that you investigate new issues as they are discovered. Most findings contain easy-to-use commands which can be helpful for verification. After confirming a finding, decide what risk it poses to your organization. Use the risk rating to prioritize which vulnerabilities should be fixed first. High-severity issues, such as those rated 4-5, should be fixed as soon as possible. Once an issue has been fixed, it disappears and your risk rating is adjusted accordingly after the next scan verifies that it no longer exists.

Assignment

Assignment allows you to tag members of your team to manage different parts of the issue workflow. To assign an issue, simply click the "Workflow" field and choose the team member from the "Assigned To" dropdown.

If there are any specific notes you'd like to leave, you can save those as well in the Notes area.

Acknowledgements & False Positives

After investigating an issue, you may discover that it poses an acceptable risk. These kinds of issues are typically low risk and are either not feasible to remediate or may break existing functionality if remediated. On rare occasions, you may also discover that the issue was a false positive. In both situations, you can stop the issue from being flagged during future scans and from affecting your risk rating by setting an Acknowledgement and selecting the reason it was acknowledged.

Acknowledged Issues, Hosts, and Elements that have not been detected for 120 days are automatically deleted from the system.

To view previous issues, hosts, and apps that have been acknowledged, visit the Acknowledgements page.

© 2024 Halo Security