Risks data

Risks data includes security risks that Arctic Wolf detected using one or more of these vulnerability and configuration scans:

  • IVA scans
  • EVA scans
  • Arctic Wolf Agent host-based vulnerability scans
  • Cloud Security Posture Management (CSPM) scans

Arctic Wolf retains this data for the last 12 months.

The Risks table includes this information:

Note:
  • This table does not contain data gathered from account takeover scans. For a list of account takeover data, see Account Takeover data.
  • The City, Country, and Scan ID fields do not populate in this table.

Column

Description

Age

The age of a vulnerability in days.

Asset Category

The type of asset that the risk was detected on.

Note:

This only populates for risks discovered by an IVA scan.

Asset Criticality

A label that helps you prioritize risks based on how critical an asset is to your infrastructure. Possible values are:
  • Unassigned — The default value for all devices.
  • None — Defer risk remediation, for example, because these assets are not interconnected with business systems.
  • Low — Defer risk remediation until higher-priority tasks are completed. These assets are unlikely targets for malicious activity, or have negligible negative impact if compromised.
  • Medium — Monitor for risk escalation. These assets have moderate negative impact if compromised.
  • High — Isolate and limit asset use until remediation. These assets have short-term compensating controls available, or are interconnected with external systems.
  • Critical — Remediate risks immediately. These assets are likely targets for malicious activity.
Tip:

See Edit asset criticality for more information.

Asset Name

The name or IP address of the asset that the risk was detected on.

Asset Tags

A set of labels that you apply to an asset to assist with risk mitigation planning. An asset can have more than one tag. A tag can be a custom value or one of these preset options:
  • backup_recovery — An asset that directly or indirectly engages in the preservation of data for the purposes of recovery.
  • gdpr — An asset that, if compromised, would put a business or organization in violation of its GDPR legal responsibilities, as mandated by the European Union.
  • iam — An Identity and Access Management (IAM) system that provides users access to resources based on defined roles as policies.
  • internet_facing — An asset that can be reached through the public internet.
  • network_infra — An asset that makes communication between endpoints possible, including routers, switches, and firewalls.
  • pci — An asset that engages in the handling of credit card data, as part of the payment card industry (PCI) data security standards compliance.
  • pii — An asset that engages in the storage, retrieval, and/or processing of data that relates to an identified or identifiable natural person.
  • remote_access — An asset that is configured for remote access, including VPN gateways and sign-in services, for example, RDP and SSH.
Tip:

To change this field value, see Edit asset tags.

Attack Vector

The relative location where the risk originated. Possible values are Adjacent, Local, or Network.

Note:

This only populates for risks discovered by an IVA scan.

Customer

Your customer ID.

Customer UUID

Your unique identifier.

CVE

The CVE identifiers of associated risks.

Deployment ID

The ID of the Arctic Wolf appliance that detected this.

Date

The date that this entry was generated.

Device ID

The identifier of the asset that the risk was detected on.

First Detected Date

The date when the risk was first detected.

First Identified

Whether this was the first time the risk was detected. Possible values are true or false.

Found By

The category of scan type used to find the risk. This does not populate with Agent scans. Possible values are openvas, webserver, cloudscan_aws, cloudscan_azure, or cloudscan_gcp.

IP Address

The IP address of the asset containing the risk.

Issue Description

A description of the identified risk.

Issue Family

The associative group of the issue name.

Note:

This only populates for risks discovered by an IVA scan.

Issue Name

The name of the risk.

Latitude

The latitude of the asset that the risk was detected on. This is derived from the IP address of the asset.

Longitude

The longitude of the asset that the risk was detected on. This is derived from the IP address of the asset.

Resolution Date

The date when the risk was resolved.

Risk Score

The risk score at the time that this risk was detected.

Tip:

See View risk metrics for more information.

Scan Type

The type of scan that Arctic Wolf performs: from outside the network, from inside the network, or on a device with the Arctic Wolf Agent installed. Possible values are eva, iva, or agent.

Source

The origin of the scan. Possible values are agent, sensor, or reach.

State

The state of the risk. Possible values are Open, Acknowledged, In-Planning, Mitigation/Fix in Progress, Mitigated, Unsuccessful Validation, False Positive, or Accepted.

Tip:

See Risk states for more information.

Status

The status of the scan. Possible values are Active, Inactive, or Obsolete.

Note:

The Mitigated status is not supported in Analytics. See Risk statuses for more information.

Threat

The severity of the threat. Possible values are Low, Medium, or High.

Note:

The severity might not be the same value that is displayed in the Risk Dashboard. Risks in the Risk Dashboard can also have a value of Critical.
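
As an added example (not Arctic Wolf code), this triage pass over a constructed export of the table ranks actionable rows by the Asset Criticality guidance, then Threat, then Age, and sets aside risks on assets still at the default Unassigned criticality. The CSV layout, the `;` tag separator, the `triage` function, the set of closed states, and the Active-only filter are assumptions of the example.

```python
import csv
import io

# Constructed sample rows; the CSV layout is an assumption, the column names
# and values are the ones documented in the table above.
SAMPLE = """Asset Name,Asset Criticality,Asset Tags,Attack Vector,Scan Type,Found By,State,Status,Threat,Age
web01,Critical,internet_facing;pci,Network,iva,openvas,Open,Active,High,12
hr-laptop,Unassigned,,,agent,,Open,Active,High,40
lab-sw1,None,network_infra,Adjacent,iva,openvas,Open,Active,Medium,200
db02,High,pii,,eva,webserver,Acknowledged,Active,Medium,90
old-vm,Critical,,Network,iva,openvas,Mitigated,Active,High,300
files01,Medium,backup_recovery,Local,iva,openvas,Open,Obsolete,Low,5
"""

# Order follows the remediation guidance per Asset Criticality label.
CRITICALITY = ["Critical", "High", "Medium", "Low", "None"]
THREAT = ["High", "Medium", "Low"]
# States treated as finished work here (assumption of this example).
CLOSED_STATES = {"Mitigated", "False Positive", "Accepted"}


def triage(csv_text):
    """Return (queue, unclassified): ranked actionable risks, and risks on
    assets still at the default Unassigned criticality."""
    queue, unclassified = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Status"] != "Active" or row["State"] in CLOSED_STATES:
            continue
        # Attack Vector is only populated for IVA scans: keep blanks as None
        # instead of dropping the row or guessing a value.
        row["Attack Vector"] = row["Attack Vector"] or None
        row["Asset Tags"] = [t for t in row["Asset Tags"].split(";") if t]
        row["Age"] = int(row["Age"])
        if row["Asset Criticality"] == "Unassigned":
            unclassified.append(row)
        else:
            queue.append(row)
    queue.sort(key=lambda r: (CRITICALITY.index(r["Asset Criticality"]),
                              THREAT.index(r["Threat"]), -r["Age"]))
    return queue, unclassified


if __name__ == "__main__":
    queue, unclassified = triage(SAMPLE)
    for r in queue:
        print(r["Asset Name"], r["Asset Criticality"], r["Threat"], r["Age"])
    print("needs criticality:", [r["Asset Name"] for r in unclassified])
```

Rows with Unassigned criticality are reported separately because Unassigned is the default for every device, so it says nothing about how important the asset is.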