Risk filters

You can add or remove filters to refine the risks that appear in the Risks table. You can also create custom filter sets to use later.

Note: Your filters are maintained for each browser tab session. If you open a new browser tab or add new parameters to the URL, the filters reset.
Filters are different for each tab:

All tab filters

In the Risks table, on the All tab, you can use filters to refine the data that displays in the table.

These filters are available:
  • Asset Category — The category of the asset. For example, Desktop, Laptop, or Printer. This information helps you to identify the purpose of the asset.
    Note:

    If there is not enough information to classify an asset, the asset appears in the Unassigned category.

  • Asset Criticality — The criticality of the asset to your daily operations. For example, None, Low, or Critical. The higher the criticality, the larger the business disruption in the event of an incident.

    For more information, see Edit asset criticality.

  • Asset ID — The universally unique identifier (UUID) of the asset.

  • Asset Name — The name of the asset in the Unified Portal.

  • Asset OS Type — The OS type of the asset where the vulnerability was discovered. Options include: Linux, macOS, Windows, or Unknown if a non-standard OS is identified.

  • Assignee — The user assigned to remediate the risk.

  • CISA KEV — Indicates whether the risk is present in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog. Options include: Yes or No.

  • CVSSv3 — The Common Vulnerability Scoring System version 3 (CVSSv3) score, which is an open framework for communicating the severity of information security vulnerabilities. Arctic Wolf uses this framework as an objective metric for prioritizing vulnerabilities.

  • Due Date — The date by which the risk is expected to be resolved.

  • First Detected Time — The date and time when this risk was first detected.

  • Last Detected Time — The date and time when the risk was most recently detected. This value updates each time a source detects the risk.

  • Resolution Date — The date when the risk was resolved.

  • Resolution Reason — The action that resolved the risk. Options include:

    • Scan — The latest successful vulnerability scan did not detect the risk.

    • Asset Deleted — The asset that the risk was associated with was deleted.

    • Stale — A vulnerability scan has not successfully completed within the last 45 days.

  • Risk Severity — The severity of the risk, based on risk score. The higher the risk score, the more severe the risk.

  • Score — The risk rating. Options include any number between 0.1 and 10, with 0.1 representing the lowest risk level.

  • Source — The scan that discovered the risk. Options include: Agent, IVA, or EVA.

  • State — The state of the risk, which is manually assigned by a user.

    For more information, see Risk states.

  • Status — The status of the risk, which is automatically assigned by the scanner. Options include: Resolved or Unresolved.

    For more information, see Risk statuses.

  • Vulnerability ID — The unique ID assigned to a vulnerability.

Group by Vulnerability tab filters

In the Risks table, on the Group by Vulnerability tab, you can use filters to refine the data that displays in the table.

These filters are available:

  • CISA KEV — Indicates whether the risk is present in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog. Options include: Yes or No.

  • CVSSv3 — The Common Vulnerability Scoring System version 3 (CVSSv3) score, which is an open framework for communicating the severity of information security vulnerabilities. Arctic Wolf uses this framework as an objective metric for prioritizing vulnerabilities.

  • First Detected Time — The date and time when this risk was first detected.

  • Last Detected Time — The date and time when the risk was most recently detected. This value updates each time a source detects the risk.

  • Risk Severity — The severity of the risk, based on risk score. The higher the risk score, the more severe the risk.

  • Score — The risk rating. Options include any number between 0.1 and 10, with 0.1 representing the lowest risk level.

  • Source — The scan that discovered the risk. Options include: Agent, IVA, or EVA.

  • Unresolved Risks — Vulnerability groups with one or more risks that are not resolved. Enter a Value of zero or higher.

  • Vulnerability ID — The unique ID assigned to the vulnerability.

  • Vulnerability Publish Time — The date when the vulnerability was first identified.

  • Vulnerability Update Time — The date when the vulnerability details were last changed.

Group by Remediation tab filters

In the Risks table, on the Group by Vulnerability tab, you can use filters to refine the data that displays in the table.

These filters are available:
  • Remediation Title — Remediation groups with a specific description. Enter the name of the software patch or configuration change.
  • Unresolved Risks — Remediation groups with one or more risks that are not resolved. Enter a Value of zero or higher.
  • CISA KEV — Remediation groups with a risk that is in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog. Options include: Yes or No.
  • Asset OS Type — Remediation groups that contain an asset with a specific OS type where the vulnerability was discovered. Options include: Linux, macOS, Windows, or Unknown if a non-standard OS is identified.
  • Highest Risk Score — For a specific remediation, the risk score of the risk with the highest risk score in the Unresolved Risks.
  • Highest Risk Severity — For a specific remediation, the risk severity of the risk with the highest risk score in the Unresolved Risks.
  • Highest CVSSv3 Score — For a specific remediation, the CVSSV3 score of the risk with the highest CVSSV3 score in the Unresolved Risks.