Web Apps Overview
The SP360 Web Apps Dashboard offers significant functionality for the continuous monitoring capabilities of Vulnerability Management. It enables you to get deep insights into Key Performance Indicators (KPIs) for your Web Apps, by offering numerous filters to configure your view into your vulnerability data.
This dashboard enables you to focus on the vulnerabilities that are most important to your organization. In addition to illustrating the “current state” of vulnerabilities, it also adds significant insight into historical “trending” so you can see the progress your organization is making in addressing any and all outstanding vulnerabilities.
Filtering Chart Content
For ease of use, the dashboard has options/buttons at the top of the dashboard that can be used to filter the chart information. In addition, the last section of the dashboard (i.e., Web Apps list) allows you to include or exclude the Web Apps that contribute to the vulnerability data.
| Options/Buttons | Descriptions |
|---|---|
| Severity | From this drop-down you can select one or more severities of interest to alter the charts accordingly. The severity of each vulnerability is classified as either Urgent, Critical, Serious, Medium, or Minimal. |
| Duration | Using this control, you can establish the time-period the chart covers. The available options are 4 weeks, 3 months, 6 months or 1 year. |
| Interval | Using this control, you can establish the period of time each data point represents. The available intervals are 1 week, 4 weeks, 3 months, 6 months or 1 year. The intent is to enable you to view the trending over the desired time periods; for example, month-over-month, or quarter-over-quarter. |
 | Use this toggle button to view the vulnerability counts for each interval in all the charts. This removes the need to hover over the chart. |
The Web Apps dashboard provides information in three sections:
- Vulnerabilities Trending History
- Current Vulnerabilities (i.e., current counts)
- Vulnerability Metrics
Vulnerabilities Trending History
The Vulnerability Trending History (which is a collapsible section) provides you with an overall trending of vulnerability counts, so that you can observe the progress made over time. The data is represented in charts (as shown above) and segmented with a separate chart for:
- Total Number of Vulnerabilities
- New Vulnerabilities
- Reopened Vulnerabilities
- Fixed Vulnerabilities
- Ignored Vulnerabilities
Note: In the lower four Trending Charts, you will find two annotations. The annotation displayed on top shows the number of vulnerabilities (i.e., New, Reopened, Fixed or Ignored) discovered since the completion of the last Interval chosen, so it represents a partial Interval. It grows by a day, each day.
The annotation displayed on the bottom shows the vulnerabilities discovered for the last full Interval retroactively from today, such as 1-week, 4-weeks, and so on. This is a moving interval that changes each day. When selecting a 1-week Interval, both annotations are “drillable”, allowing you to see the corresponding vulnerabilities. For Intervals other than 1-week, only the second annotation is “drillable”.
Total Number of Vulnerabilities
The trending of all existing vulnerabilities (i.e., New, Reopened or Existing) is filtered according to the controls discussed above. Often organizations will be most interested in the highest severity vulnerabilities and will limit the charts to Urgent and Critical vulnerabilities.
New Vulnerabilities
This chart provides you with insight into “new” vulnerabilities, meaning those vulnerabilities that were discovered for the first time within the chosen interval. For example, if you chose an interval of one week, the chart will show how many new vulnerabilities were found for each complete week, for the entire chosen duration.
Reopened Vulnerabilities
This chart provides you with insight into “reopened” vulnerabilities, meaning those vulnerabilities that were previously remediated, but re-discovered within the chosen interval. In general, “reopened” vulnerabilities should be rare.
Fixed Vulnerabilities
This chart provides you with insight into those vulnerabilities that have been remediated within the chosen interval. Most organizations find this insightful and will correlate these numbers to their most recent development or IT efforts.
Ignored Vulnerabilities
This chart provides you with insight about the “ignored” vulnerabilities for the chosen interval. Vulnerabilities may be manually ignored by users, or the application may “auto-ignore” any vulnerability that is associated with a Web App that was not reachable (scannable) in the past 30 days. You may choose to ignore a vulnerability if it is associated with an application that you know is about to be taken out of service, and therefore you do not want to clutter the dashboard with vulnerabilities that do not need to be explicitly addressed.
Current Vulnerabilities
Current Vulnerabilities (which is a collapsible section) provides you with charts that show the current vulnerability counts in the following categories:
- By Severity – which allows you to quickly focus on the most severe vulnerabilities.
- By Status – to easily discern the current vulnerabilities statuses.
- Groups by QID – a grouping chart that shows your vulnerabilities in groups, to easily understand the types of vulnerabilities that are most common and that by addressing their underlying root cause can, enable you to address multiple vulnerabilities at a time.
By default, these counts are represented as bar charts. If you prefer to see the counts expressed as percentages and in a pie chart format, click the 
action icon to the right of the Current Vulnerabilities heading, as shown below.
The grouping chart, Top 10 Groups by QID provides a powerful additional functionality.
By clicking the 
action icon in the upper-right corner of that chart, you can view a pop-up (shown below) that lists all groups (not just the Top 10) and provides additional information, as well as the ability to apply bulk functions, such as ignoring all the vulnerabilities in that group. The action icon 
allows you to see each vulnerability in the group, whereas 
allows multiple vulnerabilities (with the same QID) to be ignored more conveniently with a single request.
Vulnerability Metrics – Severity
Vulnerability Metrics (which is a collapsible section and is collapsed by default) provides insights into how long your open vulnerabilities have been open, and how long it took to close your remediated vulnerabilities. Often organizations have Service Level Agreements (SLAs) that commit them to addressing vulnerabilities within a given timeframe, and this information helps you understand how well you are adhering to your SLAs.
The Vulnerability Metrics are presented in one of two formats, that can be toggled by clicking the 
action icon on the upper-right hand portion of this section. By default, the Severity-based format is shown, which contains the following two bar charts.
Days (Average Time Open)
This bar chart shows the total number of open vulnerabilities (upper right notation) and the average number of days (upper left notation) that each severity of vulnerabilities has been open. Hovering over the chart will also show how many vulnerabilities were considered for the metric calculations.
Days (Average Time to Closure)
This bar chart shows the number of vulnerabilities closed in the specified time frame (upper right notation) and the average number of days (upper left notation) the vulnerability was open before being closed.
Clicking on the action icon to the far right of the Vulnerability Metrics, the header displays a “Timeband” label, and breaks down the number of vulnerabilities by ranges of days, for example, those open less than three days, or between three and seven days. This data is presented in pie chart format.
Notice that the icon used to toggle between Severity-based and Timeband-based formats changes.
Web Apps (Asset) List
This section of the dashboard allows you to tailor the vulnerability metrics being shown by including or excluding specific Web Apps. To better understand the operational details, let’s breakdown the key features this sub-section offers.
The upper left corner of the Web Apps (Asset) List contains one blue box with the number of assets meeting your selection criteria, and a second blue box reflecting the number of Web Apps the user selected as being of interest.
Action Icons and Filtering Options
The upper right corner of the Web Apps (Asset) List offers four action icons, two dropdown filters, and a search bar.
| Action Icons | Function |
|---|---|
 | Clicking this icon restricts the dashboard to showing only those Web Apps selected. This is helpful if you know that a Web App is being retired (i.e., taken out of service) in the near future and you do not want the dashboard cluttered by that Web App’s vulnerabilities. |
 | Clicking on this icon results in resetting the dashboard to its default state. |
 | Clicking on this icon downloads (in CSV format) all details for all/selected list of Web Apps. |
Filtering Options
The upper right corner of the Web App (Asset) List contains two filter bars. These allow you to select which Web Apps to display based on the following attributes.
| Filter Type | Definition |
|---|---|
Aging Status | Using this drop-down filter, the end user can view Web Apps based on the following three options:
This filter allows you to select Web Apps based on their status. If a Web App is inaccessible and hasn’t been scanned for 30 consecutive days, SP360 will automatically “age-out” (i.e., inactivate/deactivate) that Web App and its associated vulnerabilities. Note: Any/all deactivated Web Apps can be reactivated from the Web App Details page. |
Search Bar |
This search bar filters the Web Apps list based on the value entered. For example, if the end user wants to search for a particular Web App, typing the value of the URL in the Search Bar will list all the Web Apps that contain that particular value in its URL.  |
The Web App list includes the following details.
| Attributes | Definition |
|---|---|
| Qualys ID | The unique ID number assigned to each Web App in Qualys. |
| Name | The name assigned to the Web App. |
| URL | The URL used to navigate to the Web App. |
| Scheduled | A flag indicating whether or not there are vulnerability scans scheduled. |
| Vulnerability Count | The total number of vulnerabilities associated with that Web App. |
| Created Date | The date on which the Web App was first detected (scanned). |
| Last Scanned Date | The date on which the Web App was last scanned. |
| Scan Result | Displays the result of the most recent scan for the given Web App as one of the following possible outcomes:
|
Each Web App has three available icons on the right side of each line.
| Icons | Definition |
|---|---|
 | This action icon is used to invoke a manual scan of the Web App. A confirmation page is first displayed to confirm the request. To cancel a manual scan, click on the revolving “scan in progress” |
| Clicking on this icon displays all vulnerabilities associated with that Web App. For more information about the Vulnerabilities page, click here. |
| Clicking on this icon displays detailed information about that Web App, as (partially) shown below. The Web App details are organized in the following four broader categories.
|
icon. A confirmation page is first displayed to confirm the cancellation request.
