The Threat Analysis Report provides additional information about your risk to a zero-day attack or other predicted vulnerability. It helps you determine the benefit of mitigating actions on exposed systems. This report is available only when you have one of these features enabled: Zero-Day Risk Analyzer or Predictive Analytics Engine (Beta).
(Manager Only) Go to KnowledgeBase > iDefense Intelligence or KnowledgeBase > Predictions. Identify the vulnerability you want to report on and click the View Report link.
Yes. It's easy to do. Click the Download as CSV button. You'll get a complete list of impacted hosts and the data used to predict the risk for each host: the operating system, software and software version detected on the host.
We compare vulnerability details to your latest scan results, specifically we look at a host's operating system, software installed, and software version installed.
The confidence level is based on which of the 3 criteria (operating system, software and software version) match between the vulnerability details and the host information.
Confirmed - Indicates that all 3 criteria matched and the vulnerability was detected by a scan. More about zero-day vulnerabilities
The zero-day vulnerability was predicted for the host, and then these events occurred in the following order: 1) a QID was created by the service for this issue, 2) a new scan was launched on the host, and 3) the QID was detected by a scan.
Likely - Indicates that all 3 criteria matched.
Potential - Indicates that some but not all of the criteria matched. For example, the host had the matching operating system and software but the software version was not detected or did not match.
Threat Percentage by Total Hosts - This graph shows the total number of hosts in your account and the number of hosts in your account that may be impacted by the vulnerability. Impacted hosts have one or more matching criteria to the vulnerability.
Threat Predictions by Confidence Level - This graph shows the number of impacted hosts at each confidence level (Confirmed, Likely, Potential).
Top 10 Most Impacted Asset Groups - This graph shows the top 10 asset groups in your account with the highest percentage of impacted hosts. This graph is intended to help you focus your remediation efforts.
All hosts that are predicted to be impacted by the vulnerability are listed. You can filter the list to only show impacted hosts for a particular asset group - just click the asset group name on the left side.
For each host listed, you'll see: the host's IP address, DNS and NetBIOS hostnames (if available), the operating system and software detected on the host (used to make the risk prediction), the date the vulnerability was last predicted for the host, and the risk confidence level.