Once you start with Patrowl and we have received the list of your assets, declared or found with the continuous discovery, they are managed two ways :
Passive detection of vulnerabilities ;
Active detection of vulnerabilities, equivalent to intrusion tests.
This article will focus on passive detection of vulnerabilities.
Every asset managed in Patrowl receives a passive analysis similar to External Attack Surface Management (EASM).
The information presented include :
Names and versions of services, softwares and exploitation systems if available ;
Names and versions of frameworks et libraries ;
TCP ports and open UDP with related services ;
Associated certificates ;
Information related to domain name recordings ;
Information related to IP addresses (location, ASN, etc.).
For each information, if a known vulnerability (CVE) is detected or if a configuration default is identified, a warning will be displayed. As it comes from passive detection, this warning will only appear as a potential risk without qualification.
You will find these information in the tab Risk Insights, classified by theme (certificates, exposed services…).
These security alerts are not considered as qualified vulnerabilities by Patrowl but client policies (internal tools and processes, specific activities, etc.) can require you to qualify them as vulnerabilities.
In such cases, you can manually turn a risk into a vulnerability from the risk insights tab.
To do so, select the case on the left of the risk then click on Action then Create a vulnerability. In the window that will open, click on the button Create.
Risk Insights policies
Also, if you wish to systematically transform a specific type of risk into a vulnerability, you can do so thanks to our Risk insights policy feature.
For this, you can go to the Organization tab on the left, then in the settings of the dashboard you will find the field Risk insights policies.
Select "New policy" and fill out the necessary fields with the rules you want to apply.
