Create Watch Lists
To create a watch list, perform the following steps.
To create a Watch List
| 1. | Open the Vulnerability Manager > Watch Lists & Advisories > Watch Lists page. |
| 2. | To create a new Watch List, click  . The Create Watch List (Step 1 of 2) page opens. On this page, you can select Product Versions, Products, Vendors, or Assessment. |
Note:You can select the Receive all advisories check box to receive Secunia Advisories for all Product Versions, Products, and Vendors.
| 3. | Use the search field to find the products, vendors, product versions, and device groups to select and add to your Watch List. |
| 4. | Click  in the Database suggestions column heading to add the current page or click  next to the individual items to add them to the Selected items list. |
| 5. | Click  in the Selected items column heading to remove the current page or DELETE X next to an individual item to remove it from the list. |
| 6. | Click Next. The Create Watch List (Step 2 of 2) page opens. |
| 7. | Enter the Name of the Watch List. |
| 8. | Select the Watch List Groups, if available, from the drop-down list to associate with this Watch List. You can also click  to create a new Watch List group. |
| 9. | Notifications and/or tickets are not sent for disabled Watch Lists. If you wish to preserve a Watch List for historical reasons, you can disable it by clearing the selection of the Enabled check box. |
| 10. | If you select the Advisories need approval option, you will receive a notification and an email for advisories that match your Watch List. You can approve that advisory, in which case a ticket is created or you can dismiss the advisories. |
Note:If the users have the rejected advisories option enabled, the threshold filters may not apply since the advisory may not have the criticality set.
| 11. | Select the Ticket threshold, Email and SMS notification levels from the drop-down lists. |
The Ticket threshold level is used to determine whether or not tickets will be created for advisories matching your Watch List.
| 12. | You can optionally select the impact that a vulnerability in any item in the Watch List will have to your environment (Low, Medium or High) by Confidentiality Requirement (CR), Integrity Requirement (IR), and Availability Requirement (AR) from the drop-down lists (optional). |
The table below defines the Low, Medium, and High impact for CR, IR and AR. For the tickets created on the Watch List with values in the CR, IR, and AR fields, the system will use those values to calculate the custom Common Vulnerability Scoring System (CVSS) for the ticket.
|
Metric |
Low Definition |
Medium Definition |
High Definition |
|
CR |
There is a low impact on the confidentiality of the system. |
There is considerable disclosure of information, but the scope of the loss is constrained such that not all of the data is available. |
There is total information disclosure, providing access to any or all data on the system. |
|
IR |
There is a low impact on the integrity of the system. |
Modification of some data or system files is possible, but the scope of the modification is limited. |
There is total loss of integrity; the attacker can modify any files or information on the target system. |
|
AR |
There is a low impact on the availability of the system. |
There is reduced performance or loss of some functionality. |
There is total loss of availability of the attacked resource. |
Note:For further definition details, see:
https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System#Impact_metrics
Note:After creating an Assessment Watch List from the Create a Watch List steps above:
| • | When a new scan is done, the new data is available in the Create Watch List pop-up window. |
| • | When any scan result is deleted from the Assessment module, a refresh needs to be done to see the changes in the Assessment module and also in the Create Watch List pop-up window. |
| • | When a Smart Group is deleted from the Assessment module, it may take at least 15 minutes to see the deleted Smart Group removed from the Assessment tab of the Create Watch List pop-up window. |
| 13. | Click Save to save the Watch List. Once saved, you will begin to receive alerts and advisories based on your configuration. |