
Threat Intelligence Dashboards

The pre-built Value-Oriented Dashboards include the following Threat Intelligence dashboards:

  • Assets w_Top Exploited CVEs (CISA 2021). This dashboard displays information about assets with CVEs.

  • Assets w_Top15 Exploited CVEs (SentinelOne 2022). The Assets w/Top15 Exploited CVEs dashboard displays information about assets where the top 15 most commonly exploited CVEs are active.

  • Risk Overview. This dashboard displays information about the assets in the environment and their risk levels.

  • Vulnerabilities. This dashboard displays a list of all vulnerabilities in your environment.

Required Connectors

To find all the assets in your environment and the vulnerability, CVE, and risk information about those assets, Lucidum recommends you configure Lucidum connectors for:

  • The Endpoint Management solutions in your environment (for example, Jamf, Intune, Citrix Endpoint Management, Symantec Endpoint Management, Hexnode)

  • The Endpoint Protection solutions in your environment (for example, Trellix Endpoint Security, Symantec Endpoint Protection, SentinelOne, Crowdstrike Falcon, Microsoft Defender for Endpoint)

  • The Endpoint Detection and Response solutions in your environment (for example, SentinelOne, Falcon Crowdstrike, Trend Micro XDR, Check Point Harmony Endpoint, Cortex XDR)

  • The cloud security solutions in your environment for cloud assets (for example, Netskope, Illumio Core, Orca, Tenable.io, Trend Micro Cloud One, Sophos Central)

  • The anti-virus solutions or vulnerability management solutions in your environment (for example, Burp Suite, Cycognito, Greenbone, Kenna, MS Defender, Qualys, Rapid7, Tenable, Vulcan)

  • The Mobile Device Management solutions in your environment (for example, Addigy, Citrix Endpoint, Jamf Pro, Kandji)

  • The directory solutions in your environment (for example, Azure AD, Microsoft AD, Jump Cloud, PingOne, OpenLDAP)

  • The DHCP solutions in your environment (for example, Infoblox, Efficient IP, BlueCat)

  • The VPN solutions in your environment (for example, Cisco AnyConnect, FortiClient, Palo Alto VPN, Citrix Gateway, Zscaler Private Access)

  • The cloud solutions in your environment (for example, AWS, Azure, Google Cloud, Oracle Cloud)

Assets w_Top Most Exploited CVEs (CISA 2021)

The Assets w/ the Most Exploited CVEs dashboard displays information about assets with CVEs.

The Assets w/ the Most Exploited CVEs dashboard looks like this:

Base Query

Most of the asset charts in this dashboard use this query:

CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199).

This query looks for assets that have one or more of the following active CVEs:

  • CVE-2021-44228

  • CVE-2021-40539

  • CVE-2021-34523

  • CVE-2021-34473

  • CVE-2021-31207

  • CVE-2021-27065

  • CVE-2021-26858

  • CVE-2021-26857

  • CVE-2021-26885

  • CVE-2021-26084

  • CVE-2021-21972

  • CVE-2020-1472

  • CVE-2020-0688

  • CVE-2019-11510

  • CVE-2018-13379

  • CVE-2021-3156

  • CVE-2021-27852

  • CVE-2021-22893

  • CVE-2021-20016

  • CVE-2021-1675

  • CVE-2021-42237

  • CVE-2021-35464

  • CVE-2021-27104

  • CVE-2021-27103

  • CVE-2021-27102

  • CVE-2021-27101

  • CVE-2021-21985

  • CVE-2021-20038

  • CVE-2021-40444

  • CVE-2021-34527

  • CVE-2020-2509

  • CVE-2019-19781

  • CVE-2019-18935

  • CVE-2018-0171

  • CVE-2017-11882

  • CVE-2017-0199

If you want to edit the charts in this dashboard, you can supply a different list of CVEs in the query.
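The following Python code is an added example, not Lucidum code: it builds a query in the clause syntax shown above from a custom CVE list, then evaluates it locally against an asset inventory to preview what the Asset Count and Assets with Common Exploits charts would show. It assumes that match behaves like an unanchored regular-expression search (the page does not state this); the function names, the ASSETS inventory, and the six-digit CVE ID are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

CVE_ID = re.compile(r"CVE-(\d{4})-(\d{4,})")
FIELD = "CVE List"

def build_query(cve_ids):
    """Group CVE IDs by year and emit the clause syntax used on this page."""
    by_year = defaultdict(list)
    for raw in cve_ids:
        m = CVE_ID.fullmatch(raw.strip().upper())
        if m is None:
            raise ValueError(f"not a CVE ID: {raw!r}")
        year, number = m.groups()
        if number not in by_year[year]:          # drop duplicates, keep order
            by_year[year].append(number)
    return " OR ".join(
        f"{FIELD} match -{year}-({'|'.join(by_year[year])})"
        for year in sorted(by_year, reverse=True)
    )

def clause_regexes(query, anchored=False):
    """Compile each 'match' clause of the query.

    ASSUMPTION: 'match' is an unanchored regex search. anchored=True adds a
    (?!\\d) guard so a CVE number cannot match as the prefix of a longer one.
    """
    prefix = f"{FIELD} match "
    regexes = []
    for clause in re.split(r"\s*\bOR\b\s*", query.strip(), flags=re.IGNORECASE):
        if not clause.startswith(prefix):
            raise ValueError(f"unsupported clause: {clause!r}")
        body = clause[len(prefix):]
        regexes.append(re.compile(body + (r"(?!\d)" if anchored else "")))
    return regexes

def evaluate(assets, query, anchored=False):
    """Return (affected asset names, Counter mapping matched CVE -> asset count)."""
    regexes = clause_regexes(query, anchored=anchored)
    affected, per_cve = [], Counter()
    for name, cve_list in assets.items():
        hits = {c for c in cve_list if any(r.search(c) for r in regexes)}
        if hits:
            affected.append(name)
            per_cve.update(hits)
    return affected, per_cve

# Constructed inventory: asset name -> CVE list (not real scan data).
ASSETS = {
    "web-01": ["CVE-2021-44228", "CVE-2099-0001"],
    "dc-01": ["CVE-2020-1472"],
    "lab-07": ["CVE-2021-442280"],   # constructed ID that extends 44228
    "hr-12": [],
}

CUSTOM_LIST = ["CVE-2021-44228", "CVE-2020-1472", "cve-2021-40539", "CVE-2021-44228"]

if __name__ == "__main__":
    query = build_query(CUSTOM_LIST)
    print(query)
    for anchored in (False, True):
        affected, per_cve = evaluate(ASSETS, query, anchored=anchored)
        print("anchored" if anchored else "unanchored",
              "| asset count:", len(affected), "| per CVE:", dict(per_cve))
```

Under the unanchored assumption, lab-07 is counted because its longer ID begins with a listed number; compare the two runs before relying on a custom list that contains four-digit CVE numbers.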

Charts

  • Asset Count. This chart displays the count of assets with active CVEs.

    • This chart queries the asset database and uses the query CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199). This query looks for all assets that have one or more of these CVEs in their CVE list.

    • From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum Asset Name.

    • The Chart Type is “Big Number”.

  • Active CVEs. This chart looks at all assets with active CVEs and displays which CVEs are present in the environment.

    • This chart queries the asset database and uses the query CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199). This query looks for all assets that have one or more of these CVEs in their CVE list.

    • From the data returned by the query, the Category field specifies the values to use to calculate the entire pie. In this case, the entire pie is the total count of Lucidum Asset Names.

    • From the data returned by the query, the Series field specifies the value to show in each slice of the pie. In this case, each slice displays CVE List.

    • The Chart Type is “Pie”.

  • Operating Systems Affected. This chart displays all the operating systems and versions in the environment that are affected by CVEs.

    • This chart queries the asset database and uses the query CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199). This query looks for all assets that have one or more of these CVEs in their CVE list.

    • From the data returned by the query, the Category field specifies the values to use to calculate the entire pie. In this case, the entire pie is the total count of Lucidum Asset Names.

    • From the data returned by the query, the Series field specifies the value to show in each slice of the pie. In this case, each slice displays a Lucidum OS Version.

    • The Chart Type is “Pie”.

  • Vulnerable Assets. This chart lists the names of assets that have active CVEs.

    • This chart queries the asset database and uses the query CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199). This query looks for all assets that have one or more of these CVEs in their CVE list.

    • From the data returned by the query, the Category field specifies the columns in the table. In this case, CVE Count (Vulnerabilities::CVE).

    • From the data returned by the query, the Series field specifies the row in the table. In this case, the table will have a row for each Lucidum Asset Name.

    • The Chart Type is “Table”.

  • Remediation Progress. This chart displays the number of assets that still have active CVEs each day.

    • This chart queries the asset database and uses the query CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199). This query looks for all assets that have one or more of these CVEs in their CVE list.

    • From the data returned by the query, the Category field specifies the values to show on the y-axis. In this case, the y-axis displays a count of Lucidum Asset Name.

    • From the data returned by the query, the Series field specifies the values to show on the x-axis. In this case, the x-axis displays the Record Generated Time.

    • The Chart Type is “Bar”.

  • Assets with Common Exploits. This chart displays the CVEs with the highest number of associated assets.

    • This chart queries the asset database and uses the query CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199). This query looks for all assets that have one or more of these CVEs in their CVE list.

    • From the data returned by the query, the Category field specifies the columns in the table. In this case, the count of Lucidum Asset Name.

    • From the data returned by the query, the Series field specifies the row in the table. In this case, the table will have a row for each entry in the CVE List.

    • The Chart Type is “Table”.

Assets w_Top15 Exploited CVEs (SentinelOne 2022)

The Assets w/Top15 Exploited CVEs dashboard displays information about assets where the top 15 most commonly exploited CVEs are active.

The Assets w/Top15 Exploited CVEs dashboard looks like this:

Base Query

Most of the asset charts in this dashboard use this query:

CVE List match -2021-(44228|40539|31207|34473|34523|26885|26857|26858|27065|26084|21972) or CVE List match -2020-(1472|0688) or CVE List match -2019-11510 or CVE List match -2018-13379.

This query looks for assets that have one or more of the following active CVEs:

  • CVE-2021-44228

  • CVE-2021-40539

  • CVE-2021-31207

  • CVE-2021-34473

  • CVE-2021-34523

  • CVE-2021-26885

  • CVE-2021-26857

  • CVE-2021-26858

  • CVE-2021-27065

  • CVE-2021-26084

  • CVE-2021-21972

  • CVE-2020-1472

  • CVE-2020-0688

  • CVE-2019-11510

  • CVE-2018-13379

Charts

  • Asset Count. This chart displays the count of assets with active CVEs.

    • This chart uses the base query. The base query looks for assets that have one or more of the top 15 active CVEs.

    • From the data returned by the query, the Category field specifies the value to show in the chart. In this case, the chart displays a count of Lucidum Asset Name.

    • The Chart Type is “Big Number”.

  • Active CVEs. This chart looks at all assets with active CVEs and displays which CVEs are present in the environment.

    • This chart uses the base query.

    • From the data returned by the query, the Category field specifies the values to use to calculate the entire pie. In this case, the entire pie is the total count of Lucidum Asset Names.

    • From the data returned by the query, the Series field specifies the value to show in each slice of the pie. In this case, each slice displays an entry from the CVE List.

    • The Chart Type is “Pie”.

  • Operating Systems Affected. This chart displays all the operating systems and versions in the environment that are affected by CVEs.

    • This chart uses the base query.

    • From the data returned by the query, the Category field specifies the values to use to calculate the entire pie. In this case, the entire pie is the total count of Lucidum Asset Names.

    • From the data returned by the query, the Series field specifies the value to show in each slice of the pie. In this case, each slice displays a Lucidum OS Version.

    • The Chart Type is “Pie”.

  • Vulnerable Assets. This chart lists the names of assets that have active CVEs.

    • This chart uses the base query.

    • From the data returned by the query, the Category field specifies the columns in the table. In this case, CVE Count (Vulnerabilities::CVE).

    • From the data returned by the query, the Series field specifies the row in the table. In this case, the table will have a row for each Lucidum Asset Name.

    • The Chart Type is “Table”.

  • Remediation Progress. This chart displays the number of assets that still have active CVEs each day.

    • This chart uses the base query.

    • From the data returned by the query, the Category field specifies the values to show on the y-axis. In this case, the y-axis displays a count of Lucidum Asset Name.

    • From the data returned by the query, the Series field specifies the values to show on the x-axis. In this case, the x-axis displays the Record Generated Time.

    • The Chart Type is “Bar”.

  • Assets with Common Exploits. This chart displays the CVEs with the highest number of associated assets.

    • This chart uses the base query.

    • From the data returned by the query, the Category field specifies the columns in the table. In this case, the count of Lucidum Asset Name.

    • From the data returned by the query, the Series field specifies the row in the table. In this case, the table will have a row for each entry in the CVE List.

    • The Chart Type is “Table”.

Risk Overview

The Risk Overview dashboard displays information about the assets in the environment and their risk levels.

The Risk Overview dashboard looks like this:

Risk Factors

Risk Factors are known security risks that Lucidum has discovered. Some example risk factors are:

  • Endpoint protection is not installed

  • Endpoint protection is not updated

  • Critical vulnerability is found

  • High-risk application is found

Risk Level

Lucidum organizes Risk Level into three bins (Low, Medium, High).

You can use risk level to prioritize daily security tasks. For example, you might choose to reduce risks for assets with a risk level of “high”.

Risk Level is useful for pie charts and bar charts. Risk Level also helps users drill-down in the Dashboards page. For example, users can drill down into high-risk assets to view information about those assets.

Risk Score

Lucidum calculates Risk Score using proprietary rule-based algorithms and machine learning algorithms. The risk score comprises information that Lucidum has discovered about the asset or user (Risk Factors) combined with the security risk for the data associated with the asset or user. The overall risk score for an asset is greater if the associated data is more sensitive (has a higher risk value). Highly confidential data has the highest risk value.

The lowest possible risk score is “1”. The highest possible score is unbounded; there is no defined highest possible value for risk score.

Risk score changes only if you mitigate the risks that Lucidum has discovered about the asset or user. For example, if Lucidum determines that an asset does not include endpoint protection, you can reduce the risk score for that asset by installing endpoint protection.

You can create a time series chart to monitor the risk score and its trend.

Base Query

Most of the asset charts in this dashboard use a query like:

Risk Level match 3-high

or

Risk Factors length gt 0

The first query searches for all assets with a risk level of High.

The second query looks for assets that have a list of risk factors with more than zero entries.

If you want to edit these charts, you can supply a different field in the query. To view all fields for assets, in the Query Builder, scroll through the values for Field.

Charts

  • Assets by Risk Level. This chart displays the number of assets with risk levels of high, medium, and low.

    • This chart queries the asset database and uses the query Risk Level exists. This query searches for all assets that include a value in the Risk Level field.

    • From the data returned by the query, the Category field specifies the values to show on the y-axis. In this case, the y-axis displays a count of Lucidum Asset Name.

    • From the data returned by the query, the Series field specifies the values to show on the x-axis. In this case, the x-axis displays the Risk Level.

    • The Chart Type is “Bar”.

  • High-Risk Assets. This chart displays the daily number of assets with a risk level of “High”.

    • This chart queries the asset database and uses the query Risk Level match 3-high AND Record Generated Time within past 1 month. This query searches for all assets that have a Risk Level of “High”.

    • From the data returned by the query, the Category field specifies the values to show on the y-axis. In this case, the y-axis displays a count of Lucidum Asset Name.

    • From the data returned by the query, the Series field specifies the values to show on the x-axis. In this case, the x-axis displays the Record Generated Time.

    • The Chart Type is “Bar”.

  • Medium-Risk Assets. This chart displays the daily number of assets with a risk level of “Medium”.

    • This chart queries the asset database and uses the query Risk Level match 2-medium AND Record Generated Time within past 1 month. This query searches for all assets that have a Risk Level of “Medium”.

    • From the data returned by the query, the Category field specifies the values to show on the y-axis. In this case, the y-axis displays a count of Lucidum Asset Name.

    • From the data returned by the query, the Series field specifies the values to show on the x-axis. In this case, the x-axis displays the Record Generated Time.

    • The Chart Type is “Bar”.

  • Low-Risk Assets. This chart displays the daily number of assets with a risk level of “Low”.

    • This chart queries the asset database and uses the query Risk Level match 1-low AND Record Generated Time within past 1 month. This query searches for all assets that have a Risk Level of “Low”.

    • From the data returned by the query, the Category field specifies the values to show on the y-axis. In this case, the y-axis displays a count of Lucidum Asset Name.

    • From the data returned by the query, the Series field specifies the values to show on the x-axis. In this case, the x-axis displays the Record Generated Time.

    • The Chart Type is “Bar”.

  • Assets At-Risk by Department. This chart displays the departments that have assets with any risk level (high, medium, or low).

    • This chart queries the asset database and uses the query Risk Level exists AND Department exists. This query searches for all assets that have a Risk Level and also belong to a department.

    • From the data returned by the query, the Category field specifies the values to show on the y-axis. In this case, the y-axis displays a count of Lucidum Asset Name.

    • From the data returned by the query, the Series field specifies the values to show on the x-axis. In this case, the x-axis displays the Department.

    • The Chart Type is “Bar”.

  • Assets At-Risk by Manager. This chart displays the managers that have assets with any risk level (high, medium, or low).

    • This chart queries the asset database and uses the query Risk Level exists AND Manager exists. This query searches for all assets that have a Risk Level and also have a manager.

    • From the data returned by the query, the Category field specifies the values to show on the y-axis. In this case, the y-axis displays a count of Lucidum Asset Name.

    • From the data returned by the query, the Series field specifies the values to show on the x-axis. In this case, the x-axis displays the Manager.

    • The Chart Type is “Bar”.

  • Most Common Critical CVEs. This chart displays a list of critical CVEs and the number of assets that have been affected by each CVE.

    • This chart queries the asset database and uses the query Critical CVE List length gt 0. This query searches for assets that have a list of critical CVEs with more than zero entries.

    • From the data returned by the query, the Category field specifies the columns in the table. In this case, the count of the Lucidum Asset Name.

    • From the data returned by the query, the Series field specifies the row in the table. In this case, the table will have a row for each entry in the Critical CVE List.

    • The Chart Type is “Table”.

  • Most Common Risk Factors. This chart displays a list of risk factors and the number of assets that have been affected by each risk factor.

    • This chart queries the asset database and uses the query Risk Factor length gt 0. This query searches for assets that have a list of risk factors with more than zero entries.

    • From the data returned by the query, the Category field specifies the columns in the table. In this case, a count of each Lucidum Asset Name.

    • From the data returned by the query, the Series field specifies the row in the table. In this case, the table will have a row for each entry in the Risk Factors.

    • The Chart Type is “Table”.

  • Top-n Assets by Risk Score. This chart displays the names of assets with the top-100 highest risk scores.

    • This chart queries the asset database and uses the query Risk Score exists AND Lucidum User Name exists. This query searches for assets that have a risk score and an associated user.

    • From the data returned by the query, the Category field specifies the columns in the table. In this case, the maximum value of Risk Score.

    • From the data returned by the query, the Series field specifies the row in the table. In this case, the table will have a row for each Source Asset Name.

    • The Chart Type is “Table”.

Vulnerabilities

The Vulnerabilities dashboard lists all the vulnerabilities in your Lucidum system and details about each vulnerability.

The Vulnerabilities dashboard looks like this:

Base Query

  • This dashboard includes a single chart.

  • The chart queries the Vulnerability database and uses the query CVE List to find all vulnerabilities in your Lucidum system.

Charts

  • This dashboard includes a single chart.

  • From the data returned by the query, the Category field specifies the columns in the table. In this case, CVE Description, CVE List, CVE Software::Name, CVSS Severity, Known Exploited Vulnerability, CVSS Score, CVSS Version, Lucidum Verified Risk, EPSS Score, EPSS Percentile.

  • The Chart Type is “Table”.

In the Vulnerabilities dashboard, you can view the following about each asset:

  • CVE Description. Description of the CVE, as described by MITRE.

  • CVE List. The ID for the CVE, as provided by MITRE.

  • CVE Software Name. One or more software packages affected by the CVE.

  • CVE Software Vendor. Vendors associated with the entries in CVE Software Name.

  • CVSS Severity. Severity in the Common Vulnerability Scoring System. A mathematical/statistical scoring for vulnerabilities. Maintained by FIRST (Forum of Incident Response and Security Teams).

  • Known Exploited Vulnerability. Specifies if this is a Known Exploited Vulnerability, as specified by CISA.

  • CVSS Score. Score in the Common Vulnerability Scoring System. A mathematical/statistical scoring for vulnerabilities. Maintained by FIRST (Forum of Incident Response and Security Teams).

  • CVSS Version. Version of the Common Vulnerability Scoring System. A mathematical/statistical scoring for vulnerabilities. Maintained by FIRST (Forum of Incident Response and Security Teams).

  • Lucidum Verified Risk. Lucidum calculates Lucidum Verified Risk by ingesting CVSS data, KEV data, and EPSS data about a vulnerability and applying proprietary rule-based algorithms and machine learning algorithms. The lowest possible score is “1”. The highest possible score is "100". The higher the Lucidum Verified Risk score, the greater the risk.

  • EPSS Score. Score in the Exploit Prediction Scoring System. A mathematical/statistical scoring for exploits. Maintained by FIRST (Forum of Incident Response and Security Teams).

  • EPSS Percentile. Percentile in the Exploit Prediction Scoring System. A mathematical/statistical scoring for exploits. Maintained by FIRST (Forum of Incident Response and Security Teams).

For each column name, you can:

  • Sort by ASC. Sort the results by this column, in ascending order.

  • Sort by DESC. Sort the results by this column, in descending order.

  • Pin to left. The column is pinned to the left border. When you scroll left to right to view all the columns, this column stays on the left border.

  • Pin to right. The column is pinned to the right border. When you scroll left to right to view all the columns, this column stays on the right border.

  • Filter. Allows you to filter the table by one or more columns in the results table.

  • Hide Column. Removes the column from the page.

  • Manage columns. You can include or not include one or more columns in the results table.
