Vulnerability contextualization
Abstract
An embodiment of the disclosure provides a method for contextualizing vulnerabilities. The method is performed by a server including a processor and a non-transitory computer-readable medium with computer-executable instructions stored thereon, such that when the instructions are executed by the processor, the server performs the method including: (a) importing raw vulnerability data from a vulnerability scanner, the raw vulnerability data including one or more vulnerability data wherein each vulnerability data includes a vulnerability identification (ID) and an asset value; (b) importing an asset inventory from an asset database; (c) merging the asset inventory and the raw vulnerability data to obtain contextual vulnerability data, the contextual vulnerability data including one or more vulnerability data linked to a vulnerability ID, an asset value, and an asset owner; (d) categorizing the contextual vulnerability data; and (e) generating a report of the categorized contextual vulnerability data.
18 Claims
1. A method for contextualizing vulnerabilities, the method performed by a server including a processor and a non-transitory computer readable medium with computer-executable instructions stored thereon, such that when the instructions are executed by the processor, the server performs the method comprising:

importing raw vulnerability data from a vulnerability scanner, the raw vulnerability data including one or more vulnerability data wherein each vulnerability data includes a vulnerability identification (ID) and an asset value;

importing an asset inventory from an asset database;

merging the asset inventory and the raw vulnerability data to obtain contextual vulnerability data, the contextual vulnerability data including one or more vulnerability data linked to a vulnerability ID, an asset value, and an asset owner;

categorizing the contextual vulnerability data; and

generating a report of the categorized contextual vulnerability data,

wherein categorizing the contextual vulnerability data includes at least one of:

determining whether a vulnerability is a duplicate, and in response to the vulnerability being a duplicate, categorizing the vulnerability as duplicate;

determining whether an exception is approved for the vulnerability, and in response to the exception being approved, categorizing the vulnerability as exception;

determining whether the vulnerability is superseded, and in response to the vulnerability being superseded, categorizing the vulnerability as superseded;

determining whether the vulnerability has a fix, and in response to the vulnerability not having a fix, categorizing the vulnerability as not having a fix;

determining whether the vulnerability is a patch, and in response to the vulnerability having a patch, categorizing the vulnerability as the patch in progress; and

determining whether the vulnerability is application dependent, in response to the vulnerability being application dependent, categorizing the vulnerability as application dependent, and in response to the vulnerability being application independent, categorizing the vulnerability as infrastructure.

(Dependent claims 2 to 8 depend from claim 1 and are not reproduced here.)
9. A server for contextualizing vulnerabilities, the server including a processor and a non-transitory computer readable medium containing instructions stored thereon, such that when the instructions are executed by the processor, the server performs the method comprising:

importing raw vulnerability data from a vulnerability scanner, the raw vulnerability data including one or more vulnerability data wherein each vulnerability data includes a vulnerability identification (ID) and an asset value;

importing an asset inventory from an asset database;

merging the asset inventory and the raw vulnerability data to obtain contextual vulnerability data, the contextual vulnerability data including one or more vulnerability data linked to a vulnerability ID, an asset value, and an asset owner;

categorizing the contextual vulnerability data; and

generating a report of the categorized contextual vulnerability data,

wherein categorizing the contextual vulnerability data includes at least one of:

determining whether a vulnerability is a duplicate, and in response to the vulnerability being a duplicate, categorizing the vulnerability as duplicate;

determining whether an exception is approved for the vulnerability, and in response to the exception being approved, categorizing the vulnerability as exception;

determining whether the vulnerability is superseded, and in response to the vulnerability being superseded, categorizing the vulnerability as superseded;

determining whether the vulnerability has a fix, and in response to the vulnerability not having a fix, categorizing the vulnerability as not having a fix;

determining whether the vulnerability is a patch, and in response to the vulnerability having a patch, categorizing the vulnerability as the patch in progress; and

determining whether the vulnerability is application dependent, in response to the vulnerability being application dependent, categorizing the vulnerability as application dependent, and in response to the vulnerability being application independent, categorizing the vulnerability as infrastructure.

(Dependent claims 10 to 16 depend from claim 9 and are not reproduced here.)
17. A computing device for displaying contextualized vulnerabilities, the computing device including a screen, a processor and a non-transitory computer readable medium containing instructions stored thereon, such that when the instructions are executed by the processor, the computing device performs the method comprising:

receiving, from a server, a message containing one or more vulnerability data and one or more solutions to the vulnerability data, each vulnerability data including a vulnerability identification (ID) and an asset value identifying an application;

determining whether a first one of the solutions for a corresponding vulnerability in the vulnerability data causes the application identified in the asset value of the corresponding vulnerability to break;

based on determining that the application breaks, generating an exception for the corresponding vulnerability and providing the exception to the server;

based on determining that the application does not break, applying the first solution to the application to patch the corresponding vulnerability;

receiving, from the server, a report of categorized contextual vulnerability data including the corresponding vulnerability being categorized in an exception category or in a fixed category; and

displaying the report on the screen,

wherein the categorized contextual vulnerability data includes at least one of:

determining whether a vulnerability is a duplicate, and in response to the vulnerability being a duplicate, categorizing the vulnerability as duplicate;

determining whether an exception is approved for the vulnerability, and in response to the exception being approved, categorizing the vulnerability as exception;

determining whether the vulnerability is superseded, and in response to the vulnerability being superseded, categorizing the vulnerability as superseded;

determining whether the vulnerability has a fix, and in response to the vulnerability not having a fix, categorizing the vulnerability as not having a fix;

determining whether the vulnerability is a patch, and in response to the vulnerability having a patch, categorizing the vulnerability as the patch in progress; and

determining whether the vulnerability is application dependent, in response to the vulnerability being application dependent, categorizing the vulnerability as application dependent, and in response to the vulnerability being application independent, categorizing the vulnerability as infrastructure.

(Dependent claim 18 depends from claim 17 and is not reproduced here.)
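The pipeline recited in claims 1 and 9 (import scanner findings, import the asset inventory, merge the two on the asset value, categorize, report) together with the client-side exception loop of claim 17, as an added Python example that is not part of the patent or of any product implementing it. The field names, the scanner findings, the inventory records, the solutions list and the compatibility rule are all constructed for illustration. The first-match ordering of the category checks is an implementation choice: the claims recite the checks but not a precedence among them.

```python
"""Added example, not the patent's own code: the pipeline of claims 1 and 9
(import, merge, categorize, report) plus the client exception loop of claim 17.
Every identifier, finding, inventory record, solution and the breakage rule
below is constructed for illustration."""

# Constructed scanner output: a vulnerability ID and an asset value per finding,
# as the claim recites, plus two scanner-supplied hints used by the categorizer.
RAW_VULNS = [
    {"vuln_id": "VULN-0001", "asset": "web-01", "has_fix": True, "app_dependent": True},
    {"vuln_id": "VULN-0001", "asset": "web-01", "has_fix": True, "app_dependent": True},
    {"vuln_id": "VULN-0002", "asset": "db-01", "has_fix": False, "app_dependent": False},
    {"vuln_id": "VULN-0003", "asset": "web-02", "has_fix": True, "app_dependent": False},
    {"vuln_id": "VULN-0004", "asset": "ghost-9", "has_fix": True, "app_dependent": True},
    {"vuln_id": "VULN-0005", "asset": "db-01", "has_fix": True, "app_dependent": False},
    {"vuln_id": "VULN-0006", "asset": "web-02", "has_fix": False, "app_dependent": False},
    {"vuln_id": "VULN-0007", "asset": "db-01", "has_fix": True, "app_dependent": False},
]
# Constructed inventory keyed by asset value; "ghost-9" is deliberately absent.
ASSET_INVENTORY = {
    "web-01": {"owner": "app-team", "application": "storefront"},
    "web-02": {"owner": "platform", "application": None},
    "db-01": {"owner": "dba", "application": None},
}
# Constructed server-side state that the categorizer consults.
APPROVED_EXCEPTIONS = set()
SUPERSEDED_BY = {"VULN-0002": "VULN-0005"}
PATCH_IN_PROGRESS = {("VULN-0005", "db-01")}
SOLUTIONS = {"VULN-0001": "upgrade OpenSSL to 3.x", "VULN-0003": "disable TLS 1.0"}


def merge(raw_vulns, inventory):
    """Join each finding to its inventory record on the asset value. A finding
    whose asset is not inventoried is kept with owner=None rather than dropped,
    so the report can surface the inventory gap instead of hiding the finding."""
    out = []
    for v in raw_vulns:
        rec = inventory.get(v["asset"], {})
        out.append({**v, "owner": rec.get("owner"), "application": rec.get("application")})
    return out


def categorize(vulns, exceptions, superseded_by, patches_in_progress, fixed=frozenset()):
    """First-match categorization in the order the claim lists the checks; the
    application/infrastructure split is the fallback, so every finding gets
    exactly one category. 'fixed' comes from the client loop of claim 17."""
    seen = set()
    for v in vulns:
        key = (v["vuln_id"], v["asset"])  # same ID on another host is new work
        if key in seen:
            v["category"] = "duplicate"
        elif key in fixed:
            v["category"] = "fixed"
        elif key in exceptions:
            v["category"] = "exception"
        elif v["vuln_id"] in superseded_by:
            v["category"] = "superseded"
        elif not v["has_fix"]:
            v["category"] = "no_fix"
        elif key in patches_in_progress:
            v["category"] = "patch_in_progress"
        else:
            v["category"] = "application_dependent" if v["app_dependent"] else "infrastructure"
        seen.add(key)
    return vulns


def report(vulns):
    """Counts per category, an open-work list per owner, and the findings that
    matched no inventory record (there is nobody to assign them to)."""
    summary = {"by_category": {}, "by_owner": {}, "unowned": []}
    for v in vulns:
        summary["by_category"][v["category"]] = summary["by_category"].get(v["category"], 0) + 1
        if v["owner"] is None:
            summary["unowned"].append((v["vuln_id"], v["asset"]))
        elif v["category"] in ("application_dependent", "infrastructure"):
            summary["by_owner"].setdefault(v["owner"], []).append((v["vuln_id"], v["asset"]))
    return summary


def breaks_application(application, solution):
    """Constructed stand-in for the device's test of whether a solution breaks
    the application named in the asset value."""
    return application == "storefront" and "OpenSSL" in solution


def client_triage(vulns, solutions, breaks):
    """Claim 17 on the client: a solution that breaks the application becomes an
    exception request for the server; otherwise it is applied and reported fixed."""
    exceptions, fixed = set(), set()
    for v in vulns:
        sol = solutions.get(v["vuln_id"])
        if sol is not None:
            (exceptions if breaks(v["application"], sol) else fixed).add((v["vuln_id"], v["asset"]))
    return exceptions, fixed


def run_pipeline():
    merged = merge(RAW_VULNS, ASSET_INVENTORY)
    client_exc, fixed = client_triage(merged, SOLUTIONS, breaks_application)
    # Demo assumption: client-raised exceptions count as approved; a real
    # deployment would route them through an approval step before this point.
    categorized = categorize(merged, APPROVED_EXCEPTIONS | client_exc,
                             SUPERSEDED_BY, PATCH_IN_PROGRESS, fixed)
    return categorized, report(categorized)


if __name__ == "__main__":
    print(run_pipeline()[1])
```

Two details matter in practice. Duplicates are keyed on the pair (vulnerability ID, asset value), because the same ID reported on two hosts is two remediation items, not one. Findings whose asset value has no inventory record are not discarded at the merge step; they are carried through with no owner and listed separately in the report, since an unowned finding is usually an inventory defect that needs fixing before the vulnerability can be assigned.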