In this example we create a simple vulnerability report that allows us to quickly get an idea of our attack surface. Note that in the following dashboard, CVE-related data are brought together with device data. This allows us to quickly identify which devices are affected by certain vulnerabilities. Conversely, we can check which CVEs affect a specific group of devices.
We start with creating a table in the upper right corner where we list CVEs that affect our installed base. We populate this table with the CVE ID, KEV indicator (KEV = Yes means the CVE is listed in CISA's Known Exploited Vulnerabilities catalog, i.e. CISA has evidence that it is being actively exploited in the wild, which makes it a much stronger prioritization signal than the CVSS score alone), CVSS Base Score, Priority, and Description.
Next we create two measures that we display in cards in the upper left corner. We want to expose the number of CVEs that affect our installed base, and the number of actual vulnerabilities (a CVE can affect more than one device, so the Vulnerabilities table holds one row per CVE/device pair). For the number of CVEs, the measure is calculated as DISTINCTCOUNT(Vulnerabilities[CVE ID]). The number of vulnerabilities is calculated as COUNT(Vulnerabilities[Device ID]), which counts every row with a non-blank Device ID. Both measures respond to whatever filters are active on the page, so the cards always show the numbers for the current selection.
Next we want to visualize the number of vulnerabilities with known exploits. For this we use a donut chart that we associate with the KEV field of the Vulnerabilities data model. Note that you'll also need to drag-and-drop the KEV field to the Values field of the chart.
It's time to bring in devices. For this we create a table that we populate with some device data -- device name, type, vendor, model, and location. Of course you can use all kinds of other fields that you are interested in, including your custom fields that you have created in OTbase Inventory.
We also want a quick indicator of where affected devices are located. For this we introduce a treemap that we link to the Reference Location field of the Devices model. Don't forget to drag-and-drop the Reference Location field on the Values field of the treemap. -- In our sample data there are many devices that are not assigned to a specific reference location, hence the large number of blank reference locations in the treemap. You wouldn't expect to see this with production data; if you do, it is worth fixing in the inventory, because a vulnerability on a device with no location is hard to route to the right site team.
Finally we visualize device criticality, which will allow us later to check which devices affected by certain CVEs are critical. In order to do this we use a donut chart that we link to the Criticality field in the Devices model.
With this little dashboard we can already accomplish a lot of useful things. For example, we can quickly check for vulnerabilities with known exploits that affect devices critical for engineering. All we need to do is click on Yes in the KEV donut chart and Ctrl-click ENGINEERING in the Criticality donut chart.
This tells us that we have to deal with 15,000 vulnerabilities with known exploits on systems critical for engineering. Apparently most of the affected devices are located in the Charlotte plant. A quick glance at the CVE table reveals that a lot of these vulnerabilities are associated with Adobe software products, which gives us a clear path towards mitigation: patching or removing that one product family on the Charlotte engineering workstations takes out a large share of the exploited-in-the-wild exposure at once.
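To make the data model behind the dashboard concrete, here is an added example (written for this page, not code from OTbase or from Power BI) that models the two measures and the KEV x Criticality cross-filter in plain Python. Column names follow the page (Vulnerabilities[CVE ID], Vulnerabilities[Device ID], Vulnerabilities[KEV], Devices[Reference Location], Devices[Criticality]); the rows are constructed sample data, and the CVE IDs are placeholders, not real CVEs. The example goes slightly beyond the page in that it also breaks the filtered result down per location and per CVE, which is what the treemap and the CVE table show after you click Yes and Ctrl-click ENGINEERING.

```python
from collections import Counter

# Devices model: one row per device (constructed sample data).
# Device 4 has no reference location, mirroring the blank entries in the treemap.
DEVICES = [
    {"Device ID": 1, "Name": "ENG-WS-01", "Reference Location": "Charlotte", "Criticality": "ENGINEERING"},
    {"Device ID": 2, "Name": "ENG-WS-02", "Reference Location": "Charlotte", "Criticality": "ENGINEERING"},
    {"Device ID": 3, "Name": "HMI-01",    "Reference Location": "Dayton",    "Criticality": "PRODUCTION"},
    {"Device ID": 4, "Name": "PLC-01",    "Reference Location": "",          "Criticality": "PRODUCTION"},
]

# Vulnerabilities model: one row per (CVE, device) pair, so a CVE that affects
# several devices appears several times (constructed; CVE IDs are placeholders).
VULNERABILITIES = [
    {"CVE ID": "CVE-0000-0001", "Device ID": 1, "KEV": "Yes", "CVSS Base Score": 9.8},
    {"CVE ID": "CVE-0000-0001", "Device ID": 2, "KEV": "Yes", "CVSS Base Score": 9.8},
    {"CVE ID": "CVE-0000-0001", "Device ID": 3, "KEV": "Yes", "CVSS Base Score": 9.8},
    {"CVE ID": "CVE-0000-0002", "Device ID": 1, "KEV": "No",  "CVSS Base Score": 7.5},
    {"CVE ID": "CVE-0000-0003", "Device ID": 4, "KEV": "Yes", "CVSS Base Score": 8.1},
]


def cve_count(vulns):
    """Equivalent of DISTINCTCOUNT(Vulnerabilities[CVE ID]) in the current filter context."""
    return len({v["CVE ID"] for v in vulns})


def vulnerability_count(vulns):
    """Equivalent of COUNT(Vulnerabilities[Device ID]): one per row with a non-blank Device ID."""
    return sum(1 for v in vulns if v["Device ID"] is not None)


def join_devices(vulns, devices):
    """Relate each vulnerability row to its device row (the Device ID relationship)."""
    by_id = {d["Device ID"]: d for d in devices}
    return [{**v, **by_id[v["Device ID"]]} for v in vulns if v["Device ID"] in by_id]


def cross_filter(rows, **criteria):
    """Equivalent of clicking slicer values: keep rows that match every criterion."""
    return [r for r in rows if all(r.get(k) == val for k, val in criteria.items())]


def by_field(rows, field):
    """Treemap / table breakdown: number of vulnerabilities per value of `field`."""
    return Counter(r[field] or "(Blank)" for r in rows)


def kev_on_critical(vulns, devices, criticality="ENGINEERING"):
    """Reproduce 'Yes' in the KEV donut + Ctrl-click on a criticality value."""
    rows = join_devices(vulns, devices)
    hits = cross_filter(rows, KEV="Yes", Criticality=criticality)
    return {
        "cve_count": cve_count(hits),
        "vulnerability_count": vulnerability_count(hits),
        "by_location": dict(by_field(hits, "Reference Location")),
        "by_cve": dict(by_field(hits, "CVE ID")),
    }


if __name__ == "__main__":
    joined = join_devices(VULNERABILITIES, DEVICES)
    print("CVEs:", cve_count(VULNERABILITIES), "vulnerabilities:", vulnerability_count(VULNERABILITIES))
    print("per location (unfiltered):", dict(by_field(joined, "Reference Location")))
    print("KEV on ENGINEERING:", kev_on_critical(VULNERABILITIES, DEVICES))
```

Note the difference between the two cards: three distinct CVEs but five vulnerability rows, because one CVE hits three devices. After the cross-filter only the Charlotte engineering workstations remain, and the per-CVE breakdown tells you which single fix removes the most exploited-in-the-wild exposure.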