Cloud Agents Overview
The SP360 Cloud Agent Dashboard offers significant functionality for the continuous monitoring capabilities for Vulnerability Management. It enables you to get deep insights into different Key Performance Indicators (KPIs) for your servers and workstations, by offering many filters to configure your view into your vulnerability data.
This dashboard enables you to focus on the vulnerabilities that are most important for your organization. In addition to illustrating the “current state” of vulnerabilities, it also adds significant insight into the historical “trending” so you can see the progress your organization is making addressing any and all outstanding vulnerabilities.
Filtering Chart Content
For ease of use, the dashboard has options/buttons at the top of the dashboard that can be used to filter the chart information. In addition, the last section of the dashboard (i.e.,Cloud Agent list) allows you to include or exclude the Cloud Agents that contribute to the vulnerability data.
| Options/Buttons | Descriptions |
|---|---|
| Severity | From this drop-down you can select one or more severities of interest to alter the charts accordingly. The severity of each Vulnerability is classified as either Urgent, Critical, Serious, Medium, or Minimal. |
 | By clicking this button, you can filter (limit) all the available information to only Servers. All the charts will be modified to show the entries specific to Servers. |
 | By clicking this button, you can filter (limit) all the available information to only Workstations. All the charts will be modified to show the entries specific to Workstations. |
| Duration | Using this control, you can establish the time-period the chart covers. The available options are 4 weeks, 3 months, 6 months or 1 year. |
| Interval | Using this control, you can establish the period of time each data point represents. The available intervals are 1 week, 4 weeks, 3 months, 6 months or 1 year. The intent is to enable you to view the trending over the desired time periods; for example, month-over-month, or quarter-over-quarter. |
 | To view the Vulnerability counts for each interval in all the charts you can use this toggle button, which removes the need to hover over the chart. |
The enhanced Cloud Agent dashboard provides information in three sections:
- Vulnerabilities Trending History
- Current Vulnerabilities (i.e., current counts)
- Vulnerability Metrics - Severity
Vulnerabilities Trending History
The Vulnerability Trending History (which is a collapsible section) provides you with an overall trending of vulnerability counts, so that you can observe the progress made over time. The data is represented in the charts (as shown above) and segmented with a separate chart for:
- Total Number of Vulnerabilities
- New Vulnerabilities
- Reopened Vulnerabilities
- Fixed Vulnerabilities
- Ignored Vulnerabilities
Note: In the lower four Trending Charts, you will find two annotations. The annotation displayed on top shows the number of vulnerabilities (i.e., New, Reopened, Fixed or Ignored) discovered since the completion of the last Interval chosen, so it represents a partial Interval. It grows by a day, each day.
The annotation displayed on the bottom shows the vulnerabilities discovered for the last full Interval retroactively from today, such as 1-week, 4-weeks, and so on. This is a moving interval that changes each day. When selecting a 1-week Interval, both annotations are “drillable”, allowing you to see the corresponding vulnerabilities. For Intervals other than 1-week, only the second annotation is “drillable”.
Total Number of Vulnerabilities
This chart shows the trending of all existing vulnerabilities (i.e., New, Reopened or Existing) and filtered according to the controls discussed above. Often organizations will be most interested in the highest severity vulnerabilities and will limit the charts to Urgent and Critical vulnerabilities.
New Vulnerabilities
This chart provides you with insight into “new” vulnerabilities, meaning those vulnerabilities that were discovered for the first time within the chosen interval. For example, if you chose an interval of one week, the chart will show how many new vulnerabilities were found for each complete week, for the entire chosen duration.
Reopened Vulnerabilities
This chart provides you with insight into “reopened” vulnerabilities, meaning those vulnerabilities that were previously remediated, but re-discovered within the chosen interval. In general, “reopened” vulnerabilities should be rare.
Fixed Vulnerabilities
The chart provides you with insight into those vulnerabilities that have been remediated within the chosen interval. Most organizations find this insightful and will correlate these numbers to their most recent development or IT efforts.
Ignored Vulnerabilities
This chart provides you insight into “ignored” vulnerabilities for the chosen interval. Vulnerabilities may be manually ignored by users, or the product may “auto-ignore” any vulnerability that is associated with a Cloud Agent that had not been reachable (scannable) for the past 30 days.
As an example, you may choose to ignore a vulnerability if it is associated with a Cloud Agent that you know is about to be taken out of service, and therefore you do not want to clutter the dashboard with vulnerabilities that do not need to be explicitly addressed.
Current Vulnerabilities
Current Vulnerabilities (which is a collapsible section) provides you with charts that show the current vulnerability counts in the following categories:
- By Severity – which allows you to quickly focus on the most severe vulnerabilities.
- Patchable – to highlight vulnerabilities that can be easily remediated by applying the latest available patches.
- By Status – to easily discern the current vulnerabilities statuses.
- Obsolete Vulnerability Groups – to highlight vulnerabilities that can be easily remediated by upgrading to newer, vendor-supported versions. In other words, currently your organization is utilizing end-of-life unsupported software. This is a dangerous practice since the vendor is no longer providing updates to protect against new security threats. Since all these vulnerabilities are considered “urgent” this chart shows the vulnerabilities grouped by type.
- Group by QID – another grouping chart that shows your vulnerabilities in groups to easily understand the types of vulnerabilities that are most common and that by addressing their underlying root cause can, enable you to address multiple vulnerabilities at a time.
For the Severity, Patchable and By Status bar charts, the counts are presented by three bars; in total, and then broken out by servers and workstations. If you opt for just servers or just workstations, the chart is reduced to a single bar for each category. Clients typically address the server vulnerabilities first, since often servers are utilized by many end users.
By default, these charts show counts and are represented as bar charts. If you prefer to see the counts expressed as percentages and in a pie chart format, that representation can be toggled utilizing the 
icon in the upper-right corner of the section, as shown below.
The two “grouping” charts (i.e., Top 10 Obsolete Vulnerability Groups and Top 10 Groups by QID) provide a powerful additional functionality.
By clicking the 
icon in the upper-right corner of those charts, you can view a pop-up (shown below) that lists all groups (not just the Top 10) and provides additional information, as well as the ability to apply bulk functions, such as ignoring all the vulnerabilities in that group. The action icon 
allows you to see each vulnerability in the group, whereas 
allows multiple vulnerabilities (with the same QID) to be ignored more conveniently with a single request.
Vulnerability Metrics – Severity
Vulnerability Metrics (which is a collapsible section and is collapsed by default) provides insights into how long your open vulnerabilities have been open, and how long it took to close your remediated vulnerabilities. Often organizations have Service Level Agreements (SLAs) that commit them to addressing vulnerabilities within a given timeframe, and this information helps you understand how well you are adhering to your SLAs.
The Vulnerability Metrics are presented in one of two formats, that can be toggled by clicking the 
icon on the upper-right hand portion of this section. By default, the Severity-based format is shown, which contains the following two bar charts.
Days (Average Time Open)
This bar chart shows the total number of open vulnerabilities (upper right notation) and the average number of days (upper left notation) that each severity of vulnerabilities has been open. Hovering over the chart will also show how many vulnerabilities were considered for each metric calculation.
Days (Average Time to Closure)
This bar chart shows the number of vulnerabilities closed in the specified time frame (upper right notation) and the average number of days (upper left notation) the vulnerability was open before being closed.
Clicking on the action icon to the far right of the Vulnerability Metrics header displays a “Timeband” label and breaks down the number of vulnerabilities by ranges of days, for example, those open less than three days, or between three and seven days. This data is presented in pie chart format.
Cloud Agent (Asset) List
This sub-section of the dashboard allows users to tailor the vulnerability metrics being shown by including or excluding specific Cloud Agents. To better understand the operational details, let’s breakdown the key features this sub-section offers.
The upper left corner of the Cloud Agent (Asset) List contains one blue box with the number of assets meeting your selection criteria, and a second blue box reflecting the number of Cloud Agents the user selected as being of interest.
Action Icons and Filtering Options
The upper right corner of the Cloud Agent (Asset) List offers four action icons, two dropdown filters, and a search bar.
| Action Icons | Function |
|---|---|
 | Clicking this icon restricts the dashboard to showing only those Cloud Agents selected. This is helpful if you know that a server is being retired (i.e., taken out of service) in the near future and you do not want the dashboard cluttered by that server’s vulnerabilities. |
 | Clicking on this icon results in resetting the dashboard to its default state. |
 | Clicking on this icon presents two options:
|
 | You can “Import” a CSV file to add multiple aliases by clicking this action icon. This is a useful and more efficient way for users to assign aliases to multiple assets, as compared to doing this one at a time via the UI. |
Filtering Options
The upper right corner of the Cloud Agent (Asset) List contains two filter bars. These allow you to select which Cloud Agents to display based on the following attributes.
| Filter Type | Definition |
|---|---|
Cloud Agent Type | This filter allows you to select Cloud Agents based on asset type. Available types are:
|
Aging Status | Using this drop-down filter, the end user can view Cloud Agents based on the following three options:
This filter allows you to select Cloud Agents based on their aging status. If a Cloud Agent is inaccessible and hasn’t been scanned for 30 consecutive days, SP360 will automatically “age-out” (remove) that Cloud Agent and its associated vulnerabilities. In the Cloud Agents detail page, the “Last Checked-in Date” column shows the most recent date the Cloud Agent was scanned. The date will be shown in amber when it has less than 20 days before it is aged-out, and in red when it has less than 10 days.
|
Search Bar | This search bar filters the Cloud Agents list based on the value entered. For example, if the end user wants to search for the particular Operating System being utilized on their workstations and/or servers; “Windows” in the search bar will list all the Cloud Agents where the “Platform” field in the detail page contains “Windows.”
|
The Cloud Agent list includes the following details:
| Attributes | Definition |
|---|---|
| Qualys ID | The unique ID number assigned to each Cloud Agent by Qualys. |
| OS | The Operating System of the Cloud Agent. |
| Name | The name of the Cloud Agent. |
| Address | The IP address of the Cloud Agent. |
| Type | The type of the asset (i.e., Server or Workstation). |
| Vulnerability Count | The total number of vulnerabilities for that Cloud Agent. |
| Created Date | The date on which the Cloud Agent was first detected (scanned). |
| Last Scanned Date | The date on which the Cloud Agent was last scanned. |
| Last Checked-in | The date the Cloud Agent was last connected to the SP360 application. |
Each Cloud Agent has three available icons on the right side of each line.
| Icons | Definition |
|---|---|
 | Click this icon to edit the alias for that specific Cloud Agent. An alias can be created, changed, or removed. Aliases are useful because it can be hard to remember the complex alphanumeric names assigned to a Cloud Agent, whereas the alias can be a meaningful name that is easier to remember. Aliases are included in searches. |
| Clicking on this icon displays all vulnerabilities associated with that Cloud Agent. For more information about the Vulnerabilities page, click here |
| Clicking on this icon displays detailed information about that Cloud Agent, as shown below. |
Note: Details for the installed software are displayed alphabetically. A search bar has also been added for the user’s convenience.