Risk information pane

When you select a risk in the Risks table, an information pane opens for that risk. You can edit some fields in the information pane. Changes are reflected immediately.

Note:

If a field is irrelevant to the source that discovered the risk, or if the field has no value, it is set to N/A.

The risk information pane has these fields:

Field

Description

Resolution Date

The date when the risk was resolved. This field is set to N/A if the state of the risk is not Mitigated, False Positive, or Accepted.

Age

The number of days since the risk was discovered. A risk in the Risks table continues to age regardless of whether the risk is resolved.

Days to Resolution

The number of days between the discovery and resolution of the risk. This field is set to N/A if the state of the risk is not Mitigated, False Positive, or Accepted.

Action

The action that is required to mitigate the risk.

Risk Score

The risk rating. The higher the risk score, the more severe the risk.

Issue Description

A description of the risk.

Additional Details

Click See additional details to view more information that the scanner identified about the risk.

The information is different, depending on the scan source and risk. Some examples include:

  • Asset name, which you can click to view the Asset Profile
  • Risk source
  • Explanatory text or directions
  • Detection logic tree
  • Information about objects collected in the detection, like paths and versions

Remediation

The recommended actions to mitigate this risk.

First Detected

The date and time when this risk was first seen.

Most Recent Detected

The date and time when this risk was last seen.

Status

The status of the risk.

For more information, see Risk statuses.

State

The state of the risk. Select an option to change the state of a risk.

For more information, see Risk states.

Assigned To

The email of the user who is assigned to manage the risk. Select an option to change the assignment.

Due Date

The date by which this risk should enter the Fixed, Waiting Validation state. Select the date when remediation actions should be completed by.

Plan

The plan that this risk is assigned to. Select an option to change the assignment.

Host

The hostname of the risk that the Arctic Wolf® Agent or scanner identified. Click the hostname to view the asset information on the Asset page.

Source

 The source that discovered the risk. Possible values are:
  • external — This indicates an EVA scan.
  • scanner — This indicates an IVA scan.
  • agent — This indicates an Agent scan.

Issue Category

 The category of the issue. Possible values are:
  • Hardware
  • Configuration
  • SMB
  • Dictionary
  • Patch Exploits
  • Data Leak
  • Webcrawler

CVEs

Any known CVEs that this risk is part of.

References

A URL to documentation that outlines the steps recommended in Remediation.

Last Updated By

The user who last updated the fields in this information pane for this risk.

Comments

Any current comments about this risk that other users have left. Click Comments to open the Comments dialog, where you can leave your own comments.

Asset ID

The ID of the asset that has the vulnerability.

Scanner ID

The ID of the that scanner that performed the IVA scan, if applicable.

Deployment ID

The deployment ID of the scanner that performed the IVA scan, if applicable.

Host Annotations

Any host alias or annotations that were discovered during EVA scanning, if applicable.

Status Reason

An explanation of the risk status that results from IVA scanning, if applicable.

Issue Impact

 The potential impact to the organization if a bad actor exploits this vulnerability. Possible values are:
  • Data Theft — A bad actor can read and potentially modify unauthorized data that is stored on this host.
  • Denial of Service — A bad actor can intentionally disrupt one or more key services running on this host. Depending on the criticality of the service, this might disrupt daily employee tasks.
  • Session Hijack — A bad actor can take control of an open browser session. For example, an online banking session or Microsoft 365 session.
  • Account Theft — A bad actor can take over the account of a user or administrator. This lets the bad actor access any authorized service or data normally available to the compromised account. For example, reading or writing to a database or file storage to steal or modify data, stopping critical services, or, if this is an administrator account, installing malware such as backdoors, key loggers, or rootkits that compromise the host entirely.
  • Insecure Obsolete Software — The software is no longer supported and does not receive any security patches. Therefore the software likely contains many open and unidentified security vulnerabilities that a bad actor could easily take advantage of.
  • Active Breach Indicator — There are indicators that this host was or is currently breached. Immediate investigation should occur to determine if any mitigation steps are required.
  • Host Breach — This host is vulnerable to a bad actor taking over this host entirely, stealing or modifying data, denying services, or installing malware such as backdoors, key loggers, or rootkits.
  • Company Reputation — A bad actor can use open services on this host to attack other internet-connected devices. For example, a bad actor could use a misconfigured network time protocol (NTP) server for a reflection distributed denial-of-service (DDoS) attack, or use an open email relay server to send spam. This could result in your resources being publicly blocked or otherwise negatively affect the reputation of your organization.

To initiate a new scan, click Rescan. This only works with IVA and Agent risks.