cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
72
Total Ideas
26%
Ideas In Review
18%
Ideas Planned
14%
Ideas Completed
milan.kulik
Level 10
Level 10
Status: Under Review

I can see 16 Advisories affecting a particular device, e.g.

But when I check deeper, I realize 12 of them are Potential only.

Why CX Cloud doesn't differentiate between Affecting and Potentially affecting advisories in the list?

 And why it's not possible to export the list of those vulnerabilities affecting the devcie?

4 Comments
Chris Camplejohn
Cisco Employee
Cisco Employee

@milan.kulik Thanks for asking this question.  The Advisory summary table divides the analysis into Affected and Potentially Affected and the same is true when you drill into the advisory.  The text within the analysis explains why something is only potentially affected.  It is usually due to one of two reasons:  1) Insufficient telemetry data to make the assessment.  or 2) Inability of the analysis itself to make the assessment.  Feel free to private message me a specific customer and advisory so I can look at exactly what you are seeing and give a more complete response.

milan.kulik
Level 10
Level 10

Hi Chris,


this is what I see:

milankulik_1-1708077982900.png

When I click on those 39 Advisories button and then on the Advisories again:

milankulik_2-1708078046752.png

This list is not saying that the second advisory is only Potentially affecting my device which I can see when I click on it again:

milankulik_3-1708078141026.png

So I believe it would be worth to add some icon to the previous list to distinguish Affecting and Potentially affecting vulnerabilities!


Thanks,
Milan Kulik

Chris Camplejohn
Cisco Employee
Cisco Employee

@milan.kulik Perfect.  Thank you for the explanation.  I totally understand what you are asking for.  Two possible enhancements here.  On the Asset360>Advisories tab, could separate the advisories into Affected vs. Potentially Affected.  And for the count of Critical Security Advisories, consider how we could show the breakout of Affected vs. Potentially Affected.

Hope you are aware of the Acknowledge Advisories feature.  If you have evaluated a security advisory (or field notice) and decided that you no longer want to see it in the active list, you can acknowledge it.  It doesn't go away, it just moves out of active.  This is only at the advisory level, though, not per device.

Status changed to: Under Review
Tyrese Jackson
Moderator Moderator
Moderator

Hi and thank you for the idea! It has been accepted for further discussion within our internal team. Stay tuned!