CISA KEV report
The CISA Known Exploited Vulnerabilities (KEV) web report uses the data provided by the Cybersecurity & Infrastructure Security Agency (CISA) KEV Catalog and the associated CISA due dates, analyses and compares them with the patch levels of the devices in your BigFix environment, and visualizes the vulnerability intelligence as a bubble chart so that you can assess and prioritize the vulnerabilities.
Note: The CISA KEV report requires access to the CISA-KEV site, and the site must be enabled.
To reduce the significant risk of KEV, CISA's Binding Operational Directive 22-01 (BOD 22-01) requires federal agencies to remediate vulnerabilities within a specific time frame. CISA maintains the CISA KEV (Known Exploited Vulnerabilities) Catalog as the intelligence source that can be used to get insights on prioritizing and remediating vulnerabilities.
To view the CISA KEV report, from the BigFix CyberFOCUS Analytics web report, click the CISA KEV tab.
- The bubbles on the chart indicate CVEs, and the size of a bubble indicates the total number of exposures to that CVE.
- The color of the bubble indicates CVSS3-Severity. The darker the color, the higher the severity.
- The X axis denotes the timeline selected in the View By drop-down.
- The Y axis denotes the number of unique machines.
View By
You can sort the CVEs based on the following options:
- CISA Due date: Due date determined by CISA for a CVE.
- CISA Date Added Date: The date when the CVE is added to the CISA KEV Catalog.
- CVE Release Date: The date when the CVE is released.
- CISA Due date (for only pass due): This is the same as CISA Due date, but excludes the CVEs that are due in the future.
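The four View By options, worked through on constructed data as an added example (not BigFix code). The entries use the KEV catalog's JSON field names cveID, dateAdded and dueDate; the CVE ids, the release dates, the exposure rows, the view_by names and the rule that one (machine, Fixlet) row counts as one exposure are assumptions.

```python
from datetime import date

# Constructed entries using KEV catalog JSON field names; ids are placeholders.
KEV = [
    {"cveID": "CVE-0000-0001", "dateAdded": "2024-01-10", "dueDate": "2024-01-31"},
    {"cveID": "CVE-0000-0002", "dateAdded": "2024-03-05", "dueDate": "2024-03-26"},
    {"cveID": "CVE-0000-0003", "dateAdded": "2024-05-20", "dueDate": "2024-06-10"},
]
# Constructed CVE release dates (assumed to be looked up separately, e.g. from NVD).
RELEASED = {"CVE-0000-0001": "2023-11-02", "CVE-0000-0002": "2021-06-15",
            "CVE-0000-0003": "2024-05-01"}
# Constructed exposure rows: (machine, CVE, applicable Fixlet ID).
EXPOSURES = [
    ("host-a", "CVE-0000-0001", 101), ("host-a", "CVE-0000-0001", 102),
    ("host-b", "CVE-0000-0001", 101), ("host-b", "CVE-0000-0002", 201),
    ("host-c", "CVE-0000-0003", 301),
]

def bubbles(view_by, today):
    """Return one row per exposed CVE, ordered along the chosen X axis.

    view_by: "due", "added", "released" or "past_due" (hypothetical names
    standing in for the four View By options).
    """
    rows = []
    for entry in KEV:
        cve = entry["cveID"]
        hits = [e for e in EXPOSURES if e[1] == cve]
        if not hits:
            continue  # no device is exposed, so there is nothing to plot
        due = date.fromisoformat(entry["dueDate"])
        if view_by == "past_due" and due > today:
            continue  # same axis as "due", minus CVEs due in the future
        x = {"due": due, "past_due": due,
             "added": date.fromisoformat(entry["dateAdded"]),
             "released": date.fromisoformat(RELEASED[cve])}[view_by]
        rows.append({"cve": cve, "x": x,
                     "machines": len({h[0] for h in hits}),  # Y axis
                     "exposures": len(hits),                 # bubble size
                     "days_overdue": max((today - due).days, 0)})
    return sorted(rows, key=lambda r: r["x"])

if __name__ == "__main__":
    for row in bubbles("past_due", date(2024, 4, 1)):
        print(row)
```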
CVE metadata
When you mouse over a bubble, the report dynamically displays the metadata of the CVE (as provided by CISA and the National Vulnerability Database) at the bottom of the chart.
Click the NIST Details link to go to the official website of the National Vulnerability Database, where you can find up-to-date information about the relevant CVE.
Fixlet information
For a CVE, you can view the complete details of the relevant Fixlets, including the Fixlet name, ID, and applicable machines. To do that, from the pane where the CVE metadata is displayed, click the number next to # of Fixlets applicable.
Click expand or collapse to view or hide the details.