Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create an Idea
60
Total Ideas
32%
Ideas In Review
15%
Ideas Planned
7%
Ideas Completed

Affected or Potentially affected advisories on a device

milan.kulik
Level 10
Level 10
‎02-08-2024 02:43 AM
Status: Under Review

I can see 16 Advisories affecting a particular device, e.g.

But when I check deeper, I realize 12 of them are Potential only.

Why CX Cloud doesn't differentiate between Affecting and Potentially affecting advisories in the list?

 And why it's not possible to export the list of those vulnerabilities affecting the devcie?

See more ideas labeled with:
4 Comments
Chris Camplejohn
Cisco Employee
Cisco Employee
‎02-08-2024 08:57 AM
‎02-08-2024 08:57 AM

@milan.kulik Thanks for asking this question.  The Advisory summary table divides the analysis into Affected and Potentially Affected and the same is true when you drill into the advisory.  The text within the analysis explains why something is only potentially affected.  It is usually due to one of two reasons:  1) Insufficient telemetry data to make the assessment.  or 2) Inability of the analysis itself to make the assessment.  Feel free to private message me a specific customer and advisory so I can look at exactly what you are seeing and give a more complete response.

milan.kulik
Level 10
Level 10
‎02-16-2024 01:48 AM
‎02-16-2024 01:48 AM

Hi Chris,


this is what I see:

milankulik_1-1708077982900.png

When I click on those 39 Advisories button and then on the Advisories again:

milankulik_2-1708078046752.png

This list is not saying that the second advisory is only Potentially affecting my device which I can see when I click on it again:

milankulik_3-1708078141026.png

So I believe it would be worth to add some icon to the previous list to distinguish Affecting and Potentially affecting vulnerabilities!


Thanks,
Milan Kulik

Chris Camplejohn
Cisco Employee
Cisco Employee
‎02-16-2024 06:18 AM
‎02-16-2024 06:18 AM

@milan.kulik Perfect.  Thank you for the explanation.  I totally understand what you are asking for.  Two possible enhancements here.  On the Asset360>Advisories tab, could separate the advisories into Affected vs. Potentially Affected.  And for the count of Critical Security Advisories, consider how we could show the breakout of Affected vs. Potentially Affected.

Hope you are aware of the Acknowledge Advisories feature.  If you have evaluated a security advisory (or field notice) and decided that you no longer want to see it in the active list, you can acknowledge it.  It doesn't go away, it just moves out of active.  This is only at the advisory level, though, not per device.

Status changed to: Under Review
Tyrese Jackson
Moderator Moderator
Moderator
‎02-29-2024 10:48 AM
‎02-29-2024 10:48 AM

Hi and thank you for the idea! It has been accepted for further discussion within our internal team. Stay tuned!

Who is this for?

This idea exchange is for customers only. If you are an internal employee please submit your CX Cloud feedback at the link below: