Managed Risk


Risk Dashboard

Updated Feb 12, 2024

Risk information pane

When you select a risk in the Risks table, an information pane opens for that risk. You can edit some fields in the information pane. Changes are reflected immediately.

Note: If a field is irrelevant to the source that discovered the risk, or if the field has no value, it is set to N/A.

The risk information pane has these fields:

Field Description
Resolution Date The date when the risk was resolved. This field is set to N/A if the state of the risk is not Mitigated, False Positive, or Accepted.
Age The number of days since the risk was discovered. A risk in the Risks table continues to age regardless of whether the risk is resolved.
Days to Resolution The number of days between the discovery and resolution of the risk. This field is set to N/A if the state of the risk is not Mitigated, False Positive, or Accepted.
Action The action that is required to mitigate the risk.
Risk Score The risk rating. The higher the risk score, the more severe the risk.
Issue Description A description of the risk.
Additional Details Click Details to view more information that the scanner has identified about the risk.
Remediation The recommended actions to mitigate this risk.
First Detected The date and time when this risk was first seen.
Most Recent Detected The date and time when this risk was last seen.
Status The status of the risk. See Risk statuses for more information.
State The state of the risk. Select an option to change the state of a risk. See Risk states for more information.
Assigned To The email of the user who is assigned to manage the risk. Select an option to change the assignment.
Due Date The date by which this risk should enter the Fixed, Waiting Validation state. Select the date when remediation actions should be completed by.
Plan The plan that this risk is assigned to. Select an option to change the assignment.
Host The hostname of the risk that the Arctic Wolf® Agent or scanner identified.
Source The source that discovered the risk. Possible values are:
  • external — This indicates an EVA scan.
  • scanner — This indicates an IVA scan.
  • agent — This indicates an Agent scan.
Issue Category The category of the issue. Possible values are:
  • Hardware
  • Configuration
  • SMB
  • Dictionary
  • Patch Exploits
  • Data Leak
  • Webcrawler
  • CVEs Any known CVEs that this risk is part of.
    References A URL to documentation that outlines the steps recommended in Remediation.
    Last Updated By The user who last updated the fields in this information pane for this risk.
    Comments Any current comments about this risk that other users have left. Click Comments to open the Comments dialog, where you can leave your own comments.
    Asset ID The ID of the asset that has the vulnerability.
    Issue ID The unique identifier of the risk.
    Scanner ID The ID of the that scanner that performed the IVA scan, if applicable.
    Deployment ID If this risk was identified during:
    • An IVA scan — This field displays the deployment ID of the scanner.
    • An EVA scan — This field displays the deployment ID of the target risk.
    • An Agent scan — This field displays the organization ID.
    Host Annotations Any host alias or annotations that were discovered during EVA scanning, if applicable.
    Status Reason An explanation of the risk status that results from IVA scanning, if applicable.
    Issue Impact The potential impact to the organization if a bad actor exploits this vulnerability. Possible values are:
    • Data Theft — A bad actor can read and potentially modify unauthorized data that is stored on this host.
    • Denial of Service — A bad actor can intentionally disrupt one or more key services running on this host. Depending on the criticality of the service, this may disrupt daily employee tasks.
    • Session Hijack — A bad actor can take control of an open browser session. For example, an online banking session or Microsoft 365 session.
    • Account Theft — A bad actor can take over the account of a user or administrator. This lets the bad actor access any authorized service or data normally available to the compromised account. For example, reading or writing to a database or file storage to steal or modify data, stopping critical services, or, if this is an administrator account, installing malware such as backdoors, key loggers, or rootkits that compromise the host entirely.
    • Insecure Obsolete Software — The software is no longer supported and does not receive any security patches. Therefore the software likely contains many open and unidentified security vulnerabilities that a bad actor could easily take advantage of.
    • Active Breach Indicator — There are indicators that this host was or is currently breached. Immediate investigation should occur to determine if any mitigation steps are required.
    • Host Breach — This host is vulnerable to a bad actor taking over this host entirely, stealing or modifying data, denying services, or installing malware such as backdoors, key loggers, or rootkits.
    • Company Reputation — A bad actor can use open services on this host to attack other internet-connected devices. For example, a bad actor could use a misconfigured network time protocol (NTP) server for a reflection distributed denial-of-service (DDoS) attack, or use an open email relay server to send spam. This could result in your resources being publicly blocked or otherwise negatively affect the reputation of your organization.

    To initiate a new scan, click Rescan. This only works with IVA and Agent risks.