Threat Analysis Report

Tell me about this report

The Threat Analysis Report provides additional information about your risk from a zero-day attack or other predicted vulnerability. It helps you determine the benefit of mitigating actions on exposed systems. This report is available only when you have Predictive Analytics Engine (Beta).

How do I run it?

(Manager Only) Go to KnowledgeBase > iDefense Intelligence or KnowledgeBase > Predictions. Identify the vulnerability you want to report on and click the View Report link.

Can I download it in CSV format?

Yes. It's easy to do. Click the Download as CSV button. You'll get a complete list of impacted hosts and the data used to predict the risk for each host: the operating system, software and software version detected on the host.

What data is used to make a risk prediction?

We compare vulnerability details to your latest scan results. Specifically, we look at a host's operating system, the software installed, and the software version installed.

Tell me about the confidence levels

The confidence level is based on which of the 3 criteria (operating system, software and software version) match between the vulnerability details and the host information.

Confirmed - Indicates that all 3 criteria matched and the vulnerability was detected by a scan. More about zero-day vulnerabilities:

The zero-day vulnerability was predicted for the host, and then these events occurred in the following order: 1) a QID was created by the service for this issue, 2) a new scan was launched on the host, and 3) the QID was detected by a scan.

Likely - Indicates that all 3 criteria matched.

Potential - Indicates that some but not all of the criteria matched. For example, the host had the matching operating system and software but the software version was not detected or did not match.

Tell me about the graphs

Threat Percentage by Total Hosts - This graph shows the total number of hosts in your account and the number of hosts in your account that may be impacted by the vulnerability. Impacted hosts have one or more matching criteria to the vulnerability.

Threat Predictions by Confidence Level - This graph shows the number of impacted hosts at each confidence level (Confirmed, Likely, Potential).

Top 10 Most Impacted Asset Groups - This graph shows the top 10 asset groups in your account with the highest percentage of impacted hosts. This graph is intended to help you focus your remediation efforts.
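The confidence rules and the graph counts described above can be reproduced offline against an exported host list. The following Python sketch is an added example, not the product's own code: the vulnerability details, hosts, field layout and exact-string matching are all constructed assumptions.

```python
from collections import Counter

# Constructed vulnerability details and scan results (not real data).
VULN = {"os": "Windows Server 2019", "software": "ExampleApp", "versions": {"2.0", "2.1"}}
HOSTS = [  # (ip, asset group, os, software, version, QID detected by a later scan)
    ("192.0.2.1", "Web", "Windows Server 2019", "ExampleApp", "2.1", True),
    ("192.0.2.2", "Web", "Windows Server 2019", "ExampleApp", "2.0", False),
    ("192.0.2.3", "DB", "Windows Server 2019", "ExampleApp", None, False),
    ("192.0.2.4", "DB", "Ubuntu 22.04", "OtherApp", "1.0", False),
    ("192.0.2.5", "DB", "Windows Server 2019", "OtherApp", "2.1", False),
    ("192.0.2.6", "Office", "Ubuntu 22.04", "OtherApp", "1.0", False),
]

def matched_criteria(host, vuln):
    """Return which of the 3 criteria (os, software, version) match."""
    _, _, os_name, software, version, _ = host
    matched = set()
    if os_name == vuln["os"]:
        matched.add("os")
    if software == vuln["software"]:
        matched.add("software")
        # Assumption: a version only counts when it belongs to the matching software.
        if version in vuln["versions"]:
            matched.add("version")
    return matched

def confidence(host, vuln):
    """Confirmed / Likely / Potential, or None when no criteria match."""
    n = len(matched_criteria(host, vuln))
    if n == 3:
        return "Confirmed" if host[5] else "Likely"
    return "Potential" if n else None

def summarize(hosts, vuln):
    """Counts per confidence level and top 10 asset groups by % impacted."""
    by_level, totals, impacted = Counter(), Counter(), Counter()
    for host in hosts:
        totals[host[1]] += 1
        level = confidence(host, vuln)
        if level:
            by_level[level] += 1
            impacted[host[1]] += 1
    pct = {g: 100.0 * impacted[g] / totals[g] for g in impacted}
    top = sorted(pct.items(), key=lambda kv: kv[1], reverse=True)[:10]
    return by_level, top

if __name__ == "__main__":
    levels, top_groups = summarize(HOSTS, VULN)
    print(dict(levels))
    print(top_groups)
```

The host with a matching operating system but different software is still counted as Potential, because an impacted host needs only one matching criterion.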

Tell me about impacted hosts

All hosts that are predicted to be impacted by the vulnerability are listed. You can filter the list to only show impacted hosts for a particular asset group - just click the asset group name on the left side.

For each host listed, you'll see: the host's IP address, DNS and NetBIOS hostnames (if available), the operating system and software detected on the host (used to make the risk prediction), the date the vulnerability was last predicted for the host, and the risk confidence level.