Multiple enhancements are available in the Managed Detection & Response platform that improve your experience when working with exposures, remediations, and scan scheduling. With these enhancements, you can now immediately view additional information on the Exposures page, easily export lists as needed, review upcoming expirations of disposed items, and more. Read on to learn more about the numerous improvements now available.
Enhanced Exposures & Remediations Experience
Numerous enhancements have been made to the Exposures page – found within the Alert Logic console at Respond – to streamline the experience and provide more details at a glance.
Export Exposures and Remediations
When reviewing a list of exposures or remediations, you can now easily export all or some of the list to a CSV file. To export the entire list of items that display on the page, select the checkbox next to the View filters at the top of the list. To only export specific exposures or remediations in the list, select the checkbox for each item you want to include in the export.
When any checkbox is selected, a blue bar displays at the bottom of the screen, listing the number of selected items and providing options to dispose of, conclude, or export the items. Click Export to export the list to a CSV file. This file includes details about each included item, such as the status, severity, CVE ID, and affected assets.
Additional Details and Sorting Options
With several new features on the Exposures page, you can identify additional information at a glance and more easily navigate through your lists of exposures and remediations. These enhancements include:
- Affected assets and exposures included in list
You can reference the total number of affected assets and exposure instances for each exposure and remediation directly from the list, rather than having to click into the item to see these numbers.
- Total counts now listed with filters
Similarly, when looking at open exposures and remediations, total counts now display alongside the filtering options, allowing you to quickly identify how many items are associated with each filter option. As you select filters, the totals for the remaining filters update to show how many items are associated with each one with the currently selected filters in place.
- New sorting options
You can sort your list of exposures or remediations using four new sort options: severity, number of exposure instances, number of affected assets, and name. Once sorted, you can also reverse the order to sort ascending or descending. This new feature allows you to focus your attention on your top priorities with the flexibility to determine how you prioritize your actions.
- CVSS score aligned with severity
When reviewing exposures, the CVSS score has been moved to align with the severity of each exposure, simplifying the view.
- Updated terminology and labels
Some of the terminology used on the Exposures page has been updated to more closely match the terminology used in other areas of the Alert Logic console and more accurately represent the related information. For example, the Threat Level filter is now Severity, the Virtual Private Cloud filter is now VPC/Network, and so on.
- Health-related exposures removed
In July 2020, the Health console was enhanced to include configuration and connection remediations and exposures, since these are related to the health of Alert Logic deployments. These remediations and exposures – the items in the Configuration and Connection categories – have now been removed from the Exposures page and are only accessible within the Health console, allowing you to focus on security-related tasks within the Exposures page and health-related tasks within the Health console.
Further enhancements are available to simplify the process of disposing and concluding exposures and remediations. You can now dispose of/conclude multiple items at a time and more easily identify when disposals expire.
Note: For more information about disposing of vs. concluding remediations and exposures as well as additional considerations, refer to our Managing Exposures and Remediations article.
- Dispose of and conclude exposures for specific affected assets more easily
Using the same functionality described above for exporting remediations and exposures, you can now easily dispose of or conclude multiple items at a time. Simply select the checkbox next to the View options to select all items or select specific items to dispose of/conclude. Once any checkboxes are selected, a blue box displays at the bottom of the screen, where you can click Conclude or Dispose to conclude/dispose of all selected items at once.
- Review and sort by expiration of disposed exposures/remediations more easily
When reviewing disposed exposures and remediations, you can quickly identify the expiration date of the disposed item. The expiration date now displays on both the list view and the detail view when you drill down to an individual disposed item.
In addition, you can now sort the list of disposed items by expiration date to see which items are expiring soon.
New Scan Scheduling Options and Last Scanned Report
In addition to the Exposures enhancements, new features are also available when scheduling and reviewing scans. Two new frequency options are available when scheduling vulnerability scans, and a new report can help you easily determine when assets were last scanned.
New Scan Schedule Options
When scheduling an internal or external scan for a deployment, new options are available for determining the scan frequency and scan window. These options can be accessed on the Scan Scheduling window.
Note: The Scan Scheduling window is accessed at Configure > Deployments > select a deployment > Scan Schedules > add or edit a scan schedule.
- New Scan once a quarter option
Under Scan Frequency, you can now select Scan once a quarter to perform a quarterly scan of selected assets. Once selected, you can select Scan only during certain times to select the month and day during which to perform the scan, such as the last day of the third month of the quarter, as seen in the following example.
- Scan on a specific weekday of the month
When Scan once a month is selected under Scan Frequency, a new Scan only during a certain week on a certain day option is now available. This option allows you to pick a specific day of the week (rather than a specific date) on which to perform the scan, such as the 1st Sunday of the month.
New Last Scanned Breakdown Report
Using the new Last Scanned Breakdown report, you can more easily determine when your assets were last scanned – or not scanned – so you can adjust your scan schedules accordingly. This new report is available at Validate > Reports > Current Vulnerability Breakdown > Last Scanned Breakdown.