Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Searching Vulnerability Data

In JSA Vulnerability Manager, you can identify important vulnerabilities by searching your vulnerability data.

JSA Vulnerability Manager provides various methods to search your data. You can search by network, by asset, by open service, or by vulnerability.

Default saved searches provide a fast method of identifying the risk to your organization. Saved searches are displayed in the Available Saved Searches field on the Vulnerability Manager Search page.

You must create a scan profile and scan your network assets.

  1. Click the Vulnerabilities tab.

  2. In the navigation pane, click Manage Vulnerabilities.

  3. On the toolbar, select Search > New Search.

  4. If you want to load a saved search, do the following steps:

    1. Select a group from the Group list.

    2. In the Type Saved Search field, type the saved search that you want to load.

    3. From the Available Saved Searches list, select a saved search, and then click Load.

    4. Click Search.

  5. If you want to create a new search, do the following steps in the Search Parameters pane:

    1. In the first list, select the parameter that you want to use.

    2. In the second list, select a search modifier. The modifiers that are available depend on the search parameter that you select.

    3. In the third list, type or select the specific information that is related to your search parameter.

    4. Click Add Filter.

    For example, to email the vulnerabilities that are assigned to a technical user, select Technical Owner Contact and provide an email address that is configured on the Vulnerability Assignment page.

  6. Click Search.

  7. On the toolbar, click Save Search Criteria.

    Note:

    Vulnerability reports use saved search information. If you want to create a report that emails a technical user, you must save your search criteria.

Vulnerability Quick Searches

Search vulnerabilities by typing a text search string that uses simple words or phrases.

In JSA Vulnerability Manager, you can use quick searches to filter vulnerabilities on the My Assigned Vulnerabilities and Manage Vulnerabilities pages.

Use the Quick Searches list to do a pre-configured vulnerability search.

Use the Quick Filter field to create your own vulnerability filters. Click Save Search Criteria to add your vulnerability quick filters to the Quick Searches list.

Table 1: Vulnerability Quick Filter Syntax Guidelines

Description

Example

Include any plain text that you expect to find in vulnerability title, description, solution, concern, reference ID type, or reference ID value.

2012-3764

MS203

java

To search only the text in the vulnerability title, add :A to the search text string

PHP:A

To search only the text in the vulnerability description, add :B to the search text string

cross-site scripting:B

To search only the text in the vulnerability external reference type, add :C to the search text string

RedHat RHSA:C

Include wildcard characters. The search term cannot start with a wildcard.

SSLv*

Group terms with logical operators: AND, OR, and NOT (or !). To be recognized as logical operators and not as search terms, the operators must be uppercase.

PHP AND Traversal

XSS:A OR cross-site scripting:A

!MySQL

NOT MySQL

Vulnerability Search Parameters

In JSA Vulnerability Manager, you can search your vulnerability data and save the searches for later use.

The following table is not a complete list of vulnerability search parameters, but a subset of the available options.

Select any of the parameters to search and display vulnerability data.

Table 2: Vulnerability Search Parameters

Option

Description

Access Complexity

The complexity of the attack that is required to exploit a vulnerability.

Access Vector

The network location from where a vulnerability can be exploited.

Asset saved search

The host, IP address, or range of IP addresses associated with a saved asset search.

For more information about saving asset searches, see the Users Guide for your product.

Assets with Open Service

Assets that have specific open services. For example, HTTP, FTP, and SMTP.

Authentication

The number of times an attacker must authenticate against a target to exploit a vulnerability.

Availability Impact

The level that resource availability can be compromised if a vulnerability is exploited.

Confidentiality Impact

The level of confidential information that can be obtained if a vulnerability is exploited.

Days since asset found

The elapsed number of days since the asset with the vulnerability was discovered on your network. Assets can be discovered either by an active scan or passively by using log or flow analysis.

Days since associated vulnerability service traffic

Displays vulnerabilities on assets with associated layer 7 traffic to or from an asset, based on the elapsed number of days since the traffic was detected.

Domain

If you configured JSA for multi-domain systems, use this option to specify the domain you want to search for vulnerabilities.

By Open Service

Search for vulnerabilities that are associated with particular open services such as, HTTP, FTP, and SMTP.

Impact

The potential impact to your organization. For example, access control loss, downtime, and reputation loss.

Include early warnings

Include newly published vulnerabilities that are detected in your network and are not present in any scan results.

Include vulnerability exceptions

Those vulnerabilities with an exception rule applied.

Integrity Impact

The level to which system integrity might be compromised if a vulnerability is exploited.

Only include assets with risk

Vulnerabilities that pass or fail specific risk policies that are defined and monitored in JSA Risk Manager.

Note:

You must monitor at least one question in the Policy Monitor page on the Risks tab to use this search parameter.

Only include assets with risk passed

Vulnerabilities that pass specific risk policies that are defined and monitored in JSA Risk Manager.

Only include early warnings

Include only newly published vulnerabilities that are detected in your network and are not present in any scan results.

Only include Vulnerability Exceptions

Include only vulnerabilities with an exception rule applied in your search.

Overdue by Days

Search for vulnerabilities that are overdue for remediation by a specified number of days.

Patch Status

Filter vulnerabilities by patch status. For more information, see Identifying the Patch Status Of Your Vulnerabilities.

PCI Severity

Search for vulnerabilities by the PCI Severity level (High, Medium, or Low) assigned by the PCI compliance service. Vulnerabilities assigned a High or Medium PCI Severity level fail PCI compliance.

Quick Search

You can search for a vulnerabilities title, description, solution, and external reference ID. In the Quick Search field, you can use AND, OR, and NOT operators, and brackets.

Risk

Search for vulnerabilities by risk level (High, Medium, Low, Warning).

Unassigned

Search for vulnerabilities with no assigned user to remediate them.

Vulnerability External Reference

Vulnerabilities that are based on an imported list of vulnerability IDs, for example CVE ID. For more information about Reference Sets, see the Juniper Secure Analytics Administration Guide for your product.

Vulnerability has a virtual patch from vendor

Vulnerabilities that can be patched by an intrusion prevention system.

Vulnerability state

The status of the vulnerability since the last scan of your network or specific network assets. For example, when you scan assets, the vulnerabilities that are discovered are either New, Pre-existing, Fixed, or Existing.

Vulnerability with risk

Filter vulnerabilities by risk policy results.

You must monitor at least one question in the Policy Monitor page on the Risks tab to use this search parameter.

Saving Your Vulnerability Search Criteria

In JSA Vulnerability Manager, you can save your vulnerability search criteria for future use.

  1. Click the Vulnerabilities tab.

  2. In the navigation pane, click Manage Vulnerabilities.

  3. On the toolbar, select Search >New Search and complete the search of your data.

  4. On the toolbar, click Save Search Criteria.

  5. In the Save Search Criteria window, type a recognizable name for your saved search.

  6. To include your saved search in the Quick Searches list on the toolbar, then click Include in my Quick Searches.

  7. To share your saved search criteria with all JSA users, then click Share with Everyone.

  8. To place your saved search is a group, then click a group or click Manage Groups to create a new group.

    For more information about managing search groups, see the Juniper Secure Analytics Administration Guide for your product.

  9. If you want to show the results of your saved search when you click any of the Manage Vulnerabilities pages in the navigation pane, then click Set As Default.

  10. Click OK.

Deleting Saved Vulnerability Search Criteria

In JSA Vulnerability Manager, you can delete your saved vulnerability search criteria.

  1. Click the Vulnerabilities tab.

  2. In the navigation pane, select Manage Vulnerabilities >By Network

  3. On the toolbar, select Search >New Search.

  4. On the Vulnerability Manager Search page, in the Available Saved Searches list, select the saved search that you want to delete.

  5. Click Delete.

  6. Click OK.