Threat Intelligence Dashboards

The pre-built Value-Oriented Dashboards include the following Threat Intelligence dashboards:

  • Assets w/Top Exploited CVEs (CISA 2021). This dashboard displays information about assets with CVEs.

  • Assets w/Top15 Exploited CVEs (SentinelOne 2022). The Assets w/Top15 Exploited CVEs dashboard displays information about assets where the top 15 most commonly exploited CVEs are active.

  • Exposed Assets. The Exposed Assets dashboard displays assets that are publicly exposed with an external port.

  • Risk Overview. This dashboard displays information about the assets in the environment and their risk levels.

Required Connectors

To find all the assets in your environment and their vulnerability, CVE, and risk information, Lucidum recommends that you configure Lucidum connectors for:

  • The Endpoint Management solutions in your environment (for example, Jamf, Intune, Citrix Endpoint Management, Symantec Endpoint Management, Hexnode)

  • The Endpoint Protection solutions in your environment (for example, Trellix Endpoint Security, Symantec Endpoint Protection, SentinelOne, Crowdstrike Falcon, Microsoft Defender for Endpoint)

  • The Endpoint Detection and Response solutions in your environment (for example, SentinelOne, Falcon Crowdstrike, Trend Micro XDR, Check Point Harmony Endpoint, Cortex XDR)

  • The cloud security solutions in your environment for cloud assets (for example, Netskope, Illumio Core, Orca, Tenable.io, Trend Micro Cloud One, Sophos Central)

  • The anti-virus solutions or vulnerability management solutions in your environment (for example, Burp Suite, Cycognito, Greenbone, Kenna, MS Defender, Qualys, Rapid7, Tenable, Vulcan)

  • The Mobile Device Management solutions in your environment (for example, Addigy, Citrix Endpoint, Jamf Pro, Kandji)

  • The directory solutions in your environment (for example, Azure AD, Microsoft AD, Jump Cloud, PingOne, OpenLDAP)

  • The DHCP solutions in your environment (for example, Infoblox, Efficient IP, BlueCat)

  • The VPN solutions in your environment (for example, Cisco AnyConnect, FortiClient, Palo Alto VPN, Citrix Gateway, Zscaler Private Access)

  • The cloud solutions in your environment (for example, AWS, Azure, Google Cloud, Oracle Cloud)

Assets /w the Most Exploited CVEs

The Assets /w the Most Exploited CVEs dashboard displays information about assets with CVEs.

The Assets /w the Most Exploited CVEs dashboard looks like this:

Base Query

Most of the asset charts in this dashboard use this query:

CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199).

This query looks for assets that have one or more of the following active CVEs:

  • CVE-2021-44228

  • CVE-2021-40539

  • CVE-2021-34523

  • CVE-2021-34473

  • CVE-2021-31207

  • CVE-2021-27065

  • CVE-2021-26858

  • CVE-2021-26857

  • CVE-2021-26855

  • CVE-2021-26084

  • CVE-2021-21972

  • CVE-2020-1472

  • CVE-2020-0688

  • CVE-2019-11510

  • CVE-2018-13379

  • CVE-2021-3156

  • CVE-2021-27852

  • CVE-2021-22893

  • CVE-2021-20016

  • CVE-2021-1675

  • CVE-2021-42237

  • CVE-2021-35464

  • CVE-2021-27104

  • CVE-2021-27103

  • CVE-2021-27102

  • CVE-2021-27101

  • CVE-2021-21985

  • CVE-2021-20038

  • CVE-2021-40444

  • CVE-2021-34527

  • CVE-2020-2509

  • CVE-2019-19781

  • CVE-2019-18935

  • CVE-2018-0171

  • CVE-2017-11882

  • CVE-2017-0199

If you want to edit the charts in this dashboard, you can supply a different list of CVEs in the query.
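The Python helper below is an added example, not Lucidum code. It builds a query in the clause format shown above from a list of CVE IDs, expands a query back into full IDs so that a replacement list can be checked for gaps before it is pasted into a chart, and previews per-CVE asset counts on a constructed inventory. The function names and the sample inventory are assumptions; the preview compares exact CVE IDs and does not reproduce how Lucidum evaluates match.

```python
import re
from collections import defaultdict

# A well-formed CVE ID: CVE-<4-digit year>-<4 or more digits>.
CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")
# One clause of the query format shown on this page, with or without parentheses.
CLAUSE_RE = re.compile(r"CVE List match -(\d{4})-\(?([0-9|]+)\)?")


def build_query(cve_ids):
    """Group CVE IDs by year and emit one 'CVE List match' clause per year."""
    by_year = defaultdict(list)
    for cve in cve_ids:
        m = CVE_RE.match(cve.strip().upper())
        if not m:
            # Rejects malformed entries such as "CVE -2020-1472" (stray space).
            raise ValueError(f"not a CVE ID: {cve!r}")
        year, num = m.groups()
        if num not in by_year[year]:  # drop duplicates, keep input order
            by_year[year].append(num)
    clauses = [
        f"CVE List match -{year}-({'|'.join(nums)})"
        for year, nums in sorted(by_year.items(), reverse=True)
    ]
    return " OR ".join(clauses)


def expand_query(query):
    """Expand every clause of a query back into full CVE IDs."""
    ids = []
    for year, nums in CLAUSE_RE.findall(query):
        ids.extend(f"CVE-{year}-{n}" for n in nums.split("|") if n)
    return ids


def coverage_gaps(query, intended_ids):
    """Return (missing, unexpected): IDs the query lacks, and IDs it adds."""
    covered = set(expand_query(query))
    intended = {c.strip().upper() for c in intended_ids}
    return sorted(intended - covered), sorted(covered - intended)


def assets_per_cve(query, inventory):
    """Local preview of an assets-per-CVE count, limited to CVEs in the query."""
    watched = set(expand_query(query))
    counts = defaultdict(int)
    for cves in inventory.values():
        for cve in set(cves) & watched:
            counts[cve] += 1
    return dict(counts)


# Constructed sample inventory (asset name -> CVE list); not real data.
# The CVE-2099-* entries are placeholders for CVEs outside the watch list.
SAMPLE_INVENTORY = {
    "web-01": ["CVE-2021-44228", "CVE-2099-0001"],
    "dc-01": ["CVE-2020-1472"],
    "mail-01": ["CVE-2021-34473", "CVE-2021-34523", "CVE-2021-44228"],
    "laptop-17": ["CVE-2099-0002"],
}

if __name__ == "__main__":
    wanted = ["CVE-2021-44228", "CVE-2021-34473", "CVE-2020-1472", "CVE-2020-0688"]
    query = build_query(wanted)
    print(query)
    print(coverage_gaps(query, wanted))
    print(assets_per_cve(query, SAMPLE_INVENTORY))
```

Running coverage_gaps against the intended list before saving a chart catches transposed digits in a CVE number, which would otherwise produce a chart that silently omits affected assets.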

Charts

To view details about each chart, click the pencil icon.

  • Asset Count. This chart displays the count of assets with active CVEs.

    • This chart uses the query CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199). This query looks for all assets that have one or more of these CVEs in their CVE list.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart does not use an additional filter.

    • The Chart Type is “Big Number”.

  • Active CVEs. This chart looks at all assets with active CVEs and displays which CVEs are present in the environment.

    • This chart uses the query CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199). This query looks for all assets that have one or more of these CVEs in their CVE list.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by CVE List. This filter displays a list of CVEs and the number of assets that have been affected by each CVE.

    • The Chart Type is “Pie”.

  • Operating Systems Affected. This chart displays all the operating systems and versions in the environment that are affected by CVEs.

    • This chart uses the query CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199). This query looks for all assets that have one or more of these CVEs in their CVE list.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by OS and Version. This filter displays a list of CVEs and the number of Operating Systems that have been affected by each CVE.

    • The Chart Type is “Pie”.

  • Vulnerable Assets. This chart lists the names of assets that have active CVEs.

    • This chart uses the query CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199). This query looks for all assets that have one or more of these CVEs in their CVE list.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Vuln_List.CVE by Lucidum Asset Name. This filter displays a list of asset names and the number of CVEs for each asset. Vuln_List can include names of vulnerabilities and names of CVEs. Vuln_List.CVE specifies to count each CVE entry in the Vuln_List field for each asset in the query.

    • The Chart Type is “Table”.

  • Remediation Progress. This chart displays the number of assets that still have active CVEs each day.

    • This chart uses the query CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199). This query looks for all assets that have one or more of these CVEs in their CVE list.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Record Generated::Day. This filter displays a list of asset names that still match the query each day.

    • The Chart Type is “Bar”.

  • Assets with Common Exploits. This chart displays the CVEs with the highest number of associated assets.

    • This chart uses the query CVE List match -2021-(44228|40539|34523|34473|31207|27065|26858|26857|26855|26084|21972) OR CVE List match -2020-(1472|0688) OR CVE List match -2019-(11510) OR CVE List match -2018-(13379) OR CVE List match -2021-(3156|27852|22893|20016|1675) OR CVE List match -2021-(42237|35464|27104|27103|27102|27101|21985|20038|40444|34527) OR CVE List match -2020-(2509) OR CVE List match -2019-(19781|18935) OR CVE List match -2018-(0171) OR CVE List match -2017-(11882|0199). This query looks for all assets that have one or more of these CVEs in their CVE list.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by CVE List. This filter displays a list of CVE names and the number of assets associated with each CVE.

    • The Chart Type is “Table”.

Assets w/Top15 Exploited CVEs (SentinelOne 2022)

The Assets w/Top15 Exploited CVEs dashboard displays information about assets where the top 15 most commonly exploited CVEs are active.

The Assets w/Top15 Exploited CVEs dashboard looks like this:

Base Query

Most of the asset charts in this dashboard use this query:

CVE List match -2021-(44228|40539|31207|34473|34523|26885|26857|26858|27065|26084|21972) or CVE List match -2020-(1472|0688) or CVE List match -2019-11510 or CVE List match -2018-13379.

This query looks for assets that have one or more of the following active CVEs:

  • CVE-2021-44228

  • CVE-2021-40539

  • CVE-2021-31207

  • CVE-2021-34473

  • CVE-2021-34523

  • CVE-2021-26885

  • CVE-2021-26857

  • CVE-2021-26858

  • CVE-2021-27065

  • CVE-2021-26084

  • CVE-2021-21972

  • CVE-2020-1472

  • CVE-2020-0688

  • CVE-2019-11510

  • CVE-2018-13379

Charts

  • Asset Count. This chart displays the count of assets with active CVEs.

    • This chart uses the base query.

    • The Summary further filters and organizes the query results for display in the chart. This chart displays the count of assets that meet the query criteria.

    • The Chart Type is “Big Number”.

  • Active CVEs. This chart looks at all assets with active CVEs and displays which CVEs are present in the environment.

    • This chart uses the base query.

    • The Summary further filters and organizes the query results for display in the chart. This chart uses the additional filter count Lucidum Asset Name by CVE List. This filter displays a list of CVEs and the number of assets that have been affected by each CVE.

    • The Chart Type is “Pie”.

  • Operating Systems Affected. This chart displays all the operating systems and versions in the environment that are affected by CVEs.

    • This chart uses the base query.

    • The Summary further filters and organizes the query results for display in the chart. This chart uses the additional filter count Lucidum Asset Name by OS and Version. This filter displays a list of CVEs and the number of Operating Systems that have been affected by each CVE.

    • The Chart Type is “Pie”.

  • Vulnerable Assets. This chart lists the names of assets that have active CVEs.

    • This chart uses the base query.

    • The Summary further filters and organizes the query results for display in the chart. This chart uses the additional filter count Vuln_List.CVE by Lucidum Asset Name. This filter displays a list of asset names and the number of CVEs for each asset. Vuln_List can include names of vulnerabilities and names of CVEs. Vuln_List.CVE specifies to count each CVE entry in the Vuln_List field for each asset in the query.

    • The Chart Type is “Table”.

  • Remediation Progress. This chart displays the number of assets that still have active CVEs each day.

    • This chart uses the base query.

    • The Summary further filters and organizes the query results for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Record Generated::Day. This filter displays a list of asset names that still match the query each day.

    • The Chart Type is “Bar”.

  • Assets with Common Exploits. This chart displays the CVEs with the highest number of associated assets.

    • This chart uses the base query.

    • The Summary further filters and organizes the query results for display in the chart. This chart uses the additional filter count Lucidum Asset Name by CVE List. This filter displays a list of CVE names and the number of assets associated with each CVE.

    • The Chart Type is “Table”.

Exposed Assets

The Exposed Assets dashboard displays assets that are publicly exposed with an external port.

The Exposed Assets dashboard looks like this:

Base Query

Most of the asset charts in this dashboard use a query like:

External Port exists

The query searches for all assets with an external port.

Charts

To view details about each chart, click the pencil icon.

  • Assets w/Exposed Ports Total. This chart displays the number of assets with one or more external ports.

    • This chart uses the query External Ports exists. This query searches for all assets that include an external port.

    • The Summary further filters and organizes the query results for display in the chart. This filter displays the number of assets returned by the query.

    • The Chart Type is “Big Number”.

  • Assets w/Exposed Ports Critical Vulns Exist. This chart displays the number of assets with one or more external ports and critical CVEs.

    • This chart uses the query External Ports exists AND Critical CVE List exists. This query searches for all assets that include an external port and also include critical CVEs.

    • The Summary further filters and organizes the query results for display in the chart. This filter displays the number of assets returned by the query.

    • The Chart Type is “Big Number”.

  • Assets w/Exposed Ports TOR Node or SANS Malicious IP. This chart displays the number of assets with one or more external ports and an IP from a TOR node.

    • This chart uses the query External Ports exists AND Critical CVE List exists. This query searches for all assets that include an external port and also include an IP from a TOR node.

    • The Summary further filters and organizes the query results for display in the chart. This filter displays the number of assets returned by the query.

    • The Chart Type is “Big Number”.

  • Assets w/Exposed Ports Listing. This chart lists the assets with one or more external ports.

    • This chart uses the query External Ports exists. This query searches for all assets that include an external port.

    • The Summary further filters and organizes the query results for display in the chart. This filter lists the following about the assets returned by the query:

      • Lucidum Asset Name

      • Full Domain Name

      • Lucidum OS Category

      • External Ports

      • Public IP Address

      • Instance Type

      • Cloud Account

      • Critical Vulns

      • High Vulns

      • Tags

    • The Chart Type is “Table”.

  • Assets by External Ports. This chart displays the number of assets with one or more external ports, organized by external port.

    • This chart uses the query External Ports exists. This query searches for all assets that include an external port.

    • The Summary further filters and organizes the query results for display in the chart. This filter displays the number of assets returned by the query, organized by external port.

    • The Chart Type is “Bar”.

  • Assets w/Exposed Ports 90-Day History. This chart displays the total number of assets with one or more external ports, each day for the last 90 days.

    • This chart uses the query External Ports exists AND Record Generated Time within past 3 months. This query searches for all assets that include an external port within the last 3 months.

    • The Summary further filters and organizes the query results for display in the chart. This filter displays the number of assets returned by the query, organized by the day the asset record was created or updated.

    • The Chart Type is “Bar”.

Risk Overview

The Risk Overview dashboard displays information about the assets in the environment and their risk levels.

The Risk Overview dashboard looks like this:

Risk Factors

Risk Factors are known security risks that Lucidum has discovered. Some example risk factors are:

  • Endpoint protection is not installed

  • Endpoint protection is not updated

  • Critical vulnerability is found

  • High-risk application is found

Risk Level

Lucidum organizes Risk Level into three bins (Low, Medium, High).

You can use risk level to prioritize daily security tasks. For example, you might choose to reduce risks for assets with a risk level of “high”.

Risk Level is useful for pie charts and bar charts. Risk Level also helps users drill down in the Dashboards page. For example, users can drill down into high-risk assets to view information about those assets.

Risk Score

Lucidum calculates Risk Score using proprietary rule-based algorithms and machine learning algorithms. The risk score comprises information that Lucidum has discovered about the asset or user (Risk Factors) combined with the security risk for the data associated with the asset or user. The overall risk score for an asset is greater if the associated data is more sensitive (has a higher risk value). Highly confidential data has the highest risk value.

The lowest possible risk score is “1”. The highest possible score is unbounded; there is no defined highest possible value for risk score.

Risk score changes only if you mitigate the risks that Lucidum has discovered about the asset or user. For example, if Lucidum determines that an asset does not include endpoint protection, you can reduce the risk score for that asset by installing endpoint protection.

You can create a time series chart to monitor the risk score and its trend.

Base Query

Most of the asset charts in this dashboard use a query like:

Risk Level match 3-high

or

Risk Factors length gt 0

The first query searches for all assets with a risk level of High.

The second query looks for assets that have a list of risk factors with more than zero entries.

If you want to edit these charts, you can supply a different field in the query. To view all fields for assets, in the Query Builder, scroll through the values for Field.

Charts

To view details about each chart, click the pencil icon.

  • Assets by Risk Level. This chart displays the number of assets with risk levels of high, medium, and low.

    • This chart uses the query Risk Level exists. This query searches for all assets that include a value in the Risk Level field.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Risk Level. This filter displays the number of assets at each Risk Level.

    • The Chart Type is “Bar”.

  • High-Risk Assets. This chart displays the daily number of assets with a risk level of “High”.

    • This chart uses the query Risk Level match 3-high. This query searches for all assets that have a Risk Level of “High”.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Record Generated Time::Day. This filter displays the number of assets with a risk level of “high” for the last 15 days.

    • The Chart Type is “Bar”.

  • Medium-Risk Assets. This chart displays the daily number of assets with a risk level of “Medium”.

    • This chart uses the query Risk Level match 2-medium. This query searches for all assets that have a Risk Level of “Medium”.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Record Generated Time::Day. This filter displays the number of assets with a risk level of “medium” for the last 15 days.

    • The Chart Type is “Bar”.

  • Low-Risk Assets. This chart displays the daily number of assets with a risk level of “Low”.

    • This chart uses the query Risk Level match 1-low. This query searches for all assets that have a Risk Level of “Low”.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Record Generated Time::Day. This filter displays the number of assets with a risk level of “low” for the last 15 days.

    • The Chart Type is “Bar”.

  • Assets At-Risk by Department. This chart displays the departments that have assets with any risk level (high, medium, or low).

    • This chart uses the query Risk Level exists AND Department exists. This query searches for all assets that have a Risk Level and also belong to a department.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Department. This filter displays each department with at-risk assets and the number of assets with a risk level in each department.

    • The Chart Type is “Bar”.

  • Most Common Critical CVEs. This chart displays a list of critical CVEs and the number of assets that have been affected by each CVE.

    • This chart uses the query Critical CVE List length gt 0. This query searches for assets that have a list of critical CVEs with more than zero entries.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Critical CVE List. This filter displays a list of critical CVEs and the number of assets that have been affected by each CVE.

    • The Chart Type is “Table”.

  • Most Common Risk Factors. This chart displays a list of risk factors and the number of assets that have been affected by each risk factor.

    • This chart uses the query Risk Factor length gt 0. This query searches for assets that have a list of risk factors with more than zero entries.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Risk Factors. This filter displays a list of risk factors and the number of assets that have been affected by each risk factor.

    • The Chart Type is “Table”.

  • Top-n Assets by Risk Score. This chart displays the names of assets with the top-100 highest risk scores.

    • This chart uses the query Risk Score exists AND Lucidum User Name exists. This query searches for assets that have a risk score and an associated user.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter max Risk Score by Source Asset Name. This filter displays the maximum risk score for each asset and the name of the asset.

    • The Chart Type is “Table”.

  • Assets At-Risk by Manager. This chart displays the managers that have assets with any risk level (high, medium, or low).

    • This chart uses the query Risk Level exists AND Manager exists. This query searches for all assets that have a Risk Level and also have a manager.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Manager. This filter displays each manager with at-risk assets and the number of assets with a risk level for each manager.

    • The Chart Type is “Bar”.
