CISA KEV Report

The CISA Known Exploited Vulnerabilities (KEV) Catalog is a curated list maintained by the Cybersecurity and Infrastructure Security Agency (CISA). It includes vulnerabilities actively exploited in the wild and requiring immediate remediation. Organizations can use this intelligence to prioritize patching efforts and reduce exposure to cyber threats.

Key Benefits of CISA KEV

  • Identifies vulnerabilities with confirmed exploitation in real-world attacks.
  • Provides mandated patching deadlines (for U.S. federal agencies).
  • Helps organizations prioritize security patches effectively.

Use Cases

  • Security Teams: Helps in vulnerability management by focusing on critical threats.
  • Compliance: U.S. federal agencies must comply with KEV patching deadlines.
  • Threat Intelligence: Organizations can proactively monitor and defend against known exploited vulnerabilities.

Accessing CISA KEV report

To view the CISA KEV report, from BigFix SaaS Remediate, click Apps > CyberFOCUS. By default, the dashboard displays the CISA KEV report.
CyberFOCUS CISA KEV Report

CISA KEV Report Data Representation and Interactions

CyberFOCUS displays CISA KEV data in an interactive table and chart, offering insights into an organization’s exposure to known threats and take actions.

CISA KEV Chart Representation
CyberFOCUS CISA KEV bubble chart

  • CyberFOCUS uses a bubble chart to visualize CISA KEV data:

    • X-axis: Due date of the CVE.

    • Y-axis: Number of unique affected devices.

    • Bubble Size: Exposure count (larger bubbles indicate higher exposure).

    • Bubble Color: CVSS3 severity (darker color = higher severity).

    • Behavior:

      • Shrinking bubbles indicate that the vulnerabilities are partially remediated.

      • Fully remediated vulnerabilities disappear from the chart.

CISA KEV Chart Interactions
  • Hover for Details: Hover over a bubble in the graph to view additional details about the associated CVE and its impact on the applicable environment below the chart.
  • Show Selected Only: Filter the chart to display only the CVEs selected from the table.
  • Zoom Controls: Zoom in or out to focus on specific data points, with an option to reset the zoom level.
  • Detailed CVE Insights: Click on any bubble in the chart to view specific information, such as CVE details, Fixlet details, and other relevant content.
CISA KEV Table Representation
The table provides a structured list of vulnerabilities with key details:
Column Name Description
CVE ID The unique identifier for the vulnerability, sourced from NVD.
CVSS Score The severity rating from NVD, based on the Common Vulnerability Scoring System (CVSS).
Severity The risk level assigned to vulnerability (Critical, High, Medium, Low).
Due Date The deadline by which the vulnerability should be remediated, as per CISA.
Exposure Count The total number of Fixlet-device mappings required to remediate the vulnerability.
Unique Devices Affected The number of unique devices in your environment affected by the CVE.
Applicable Fixlets Fixlets that can be used to patch the affected devices.
Relevant Fixlets The subset of Fixlets that still need to be applied (after some patches have been deployed).
CISA KEV Table Interactions
  • Click for More Information: Click on a CVE in the table to access in-depth details, including a description, applicable Fixlets, and affected devices. A direct link to the National Vulnerability Database (NVD) is available on the details page for further reference.
  • Sort Functionality: Sort vulnerabilities by any column in the table to quickly identify and prioritize threats.
  • Start Remediation: Select one or more CVEs from the table and click the Remediate button to initiate the CyberFOCUS remediation flow.