View risk details

On the Risk Details page, you can view additional information about an individual risk. You can also edit some fields.

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Managed Risk > Risks.
    The Risks table displays. For more information, see Risks table.
  3. For the risk you want to view details of, in the Actions column, click > View Risk..
    The risk details appear. For more information, see Risk details.

Risk details

On the Risk Details page, you can view more detailed information about a specific Risks table risk.

The Risk Details page includes these fields:
  • Age — The number of days since the risk was discovered. A detected risk continues to age after it is resolved.
  • Asset Category — The category of the asset. For example, Desktop, Laptop, or Printer. This information helps you to identify the purpose of the asset.
    Note:

    If there is not enough information to classify an asset, the asset appears in the Unassigned category.

  • Asset Criticality — The criticality of the asset to your daily operations. For example, None, Low, or Critical. The higher the criticality, the larger the business disruption in the event of an incident.

    For more information, see Edit asset criticality.

  • Asset Name — The name of the asset in the Unified Portal. Click the asset name to view detailed information about the asset. For more information, see View an asset profile.
    Note: The device name defaults to the value found by the scan source, but you can edit the device name in the Risk Dashboard. For more information, see Edit a device name.

  • Asset OS Type — The OS type of the asset where the vulnerability was discovered. Options include: Linux, macOS, Windows, or Unknown if a non-standard OS is identified.

  • Asset Tags — The tags that are associated with the asset. They can help group assets for risk remediation.

  • Assigned To — The user assigned to remediate the risk.

  • CVEs — Links to any known Common Vulnerabilities and Exposures (CVE) that this risk is part of.

  • CVSS v3 Score — The Common Vulnerability Scoring System version 3 (CVSSv3) score, which is an open framework for communicating the severity of information security vulnerabilities. Arctic Wolf uses this framework as an objective metric for prioritizing vulnerabilities.

  • Days to Resolution — The number of days between the discovery and resolution of the risk.
  • Description — A description of the risk.

  • Due Date — The date by which the risk is expected to be resolved.

  • Edit Information — Allows you to edit the state, due date, and assigned owner of a risk.

    For more information, see Edit a risk.

  • Exploit Source — Displays CISA KEV if the CISA KEV value for a risk is Yes; otherwise, this field is not visible.

  • First Detected Time — The date and time when this risk was first detected.

  • Issue Name — The risk title or issue name.

  • ITSM Ticket ID — The ID of the ITSM ticket associated with the risk. This information is only available if you have your ITSM software integrated with the Unified Portal. For more information, see Integrate your ITSM solution with the Unified Portal and Create an ITSM ticket for the risks in your organization. Options include:

    • - — A ticket ID does not exist.

    • Ticket ID with hyperlink — The ticket number for the risk. Click the link to open the ticket in your ITSM software.

  • ITSM Ticket Status — The status of the ITSM ticket. This information is only available if you have your ITSM software integrated with the Unified Portal. For more information, see Integrate your ITSM solution with the Unified Portal and Create an ITSM ticket for the risks in your organization. Options include:

    • - — The risk does not currently have any ITSM tickets associated with it.

    • <#> Initiated — The number of tickets that were requested for the risk, but are not yet created in your ITSM software.

    • <#> Created — The number of tickets created for the risk in your ITSM software.

  • Last Detected Time — The date and time when the risk was most recently detected. This value updates each time a source detects the risk.

  • Publication Date — The date when the risk was first identified.
  • References — A URL to documentation that outlines the recommended remediation steps.
  • Remediation Steps — The recommended steps to resolved the risk.

  • Resolution Date — The date when the risk was resolved.

  • Resolution Reason — The action that resolved the risk. Options include:

    • Scan — The latest successful vulnerability scan did not detect the risk.

    • Asset Deleted — The asset that the risk was associated with was deleted.

    • Stale — A vulnerability scan has not successfully completed within the last 45 days.

  • Score — The risk rating. Options include any number between 0.1 and 10, with 0.1 representing the lowest risk level.

  • Severity — The severity of the risk, based on risk score. The higher the risk score, the more severe the risk.

  • Source — The scan that discovered the risk. Options include: Agent, IVA, or EVA.

  • State — The state of the risk, which is manually assigned by a user.

    For more information, see Risk states.

  • Status — The status of the risk, which is automatically assigned by the scanner. Options include: Resolved or Unresolved.

    For more information, see Risk statuses.

  • Update Date — The date when the risk details were last changed.