How are vulnerabilities detected?

When you start out with Patrowl, once we have obtained the list of all your assets (declared or found through continuous discovery), they are handled in two ways:

  • Passive detection of vulnerabilities;

  • Active detection of vulnerabilities, equivalent to an intrusion test.

You can find all these scans on the Security Checks page of the Dashboard.

This list is also available when you click on each asset, in the menu Controls > Security Checks.

Once these scans are completed, qualified and relevant findings appear either as vulnerabilities or as risk insights.

When a vulnerability is identified, it is automatically prequalified against several criteria, so that you can focus on actual dangers.

Here are the main criteria:

  • False positive or real vulnerability;

  • Technical criticality (CVSSv3);

  • Criticality of the vulnerable asset (low, medium, high);

  • Origin of the vulnerability (detected by Patrowl, known but not exploited; exploited, actively exploited);

  • Complexity of the remediation.

All recognized vulnerabilities are consolidated with four levels of severity (Critical, High, Medium and Low).

When a new vulnerability is found, its status appears as "New". You can update the status to "Ack" (acknowledged) or to "Assigned", for example, if you have assigned the vulnerability to a member of your team.

To change the status, click on the status in the Status column of the Qualified vulnerabilities view; a drop-down menu appears where you can select the status that applies.

You are alerted by email when a critical vulnerability is found, and a summary of all your vulnerabilities is sent to you every week.

You can change your preferences for these communications in the settings of your account.

Once the vulnerability has been remedied, you can change its status to Closed or ask for a retest to make sure it is no longer active.
