Threat Management
Category | Requirement | CSCC | SAMA CSF | ECC-1 |
---|---|---|---|---|
Threat Management | Threat intelligence that includes cross-organization visibility and information-sharing to inform the development of system and security architectures, selection of security solutions, monitoring, threat hunting, and response and recovery activities. | | 3.3.16 | 2-10-4 |
Lucidum can help you manage threats across your organization and share that threat data with the teams across your organization that need it.
After Lucidum ingests data from your security solutions, Lucidum uses graph data, machine learning, and predictive analytics to detect and classify all assets and users, even those not detected by the solutions in your environment.
You can then create queries to find a list of all vulnerabilities and risks in your environment, export the list, or create dashboards.
You can also view pre-built dashboards, called Value-Oriented Dashboards or VODs. You can easily edit these dashboards to suit your needs or easily create your own custom dashboards about threat management.
Assets With the Most Exploited CVEs
The Assets /w the Most Exploited CVEs dashboard, included with Lucidum, displays information about assets with CVEs.
The Assets /w the Most Exploited CVEs dashboard looks like this:

The Assets /w the Most Exploited CVEs dashboard includes:
Asset Count. This chart displays the count of assets with active CVEs.
Active CVEs. This chart looks at all assets with active CVEs and displays which CVEs are present in the environment.
Operating Systems Affected. This chart displays all the operating systems and versions in the environment that are affected by CVEs.
Vulnerable Assets. This chart lists the names of assets that have active CVEs.
Remediation Progress. This chart displays the number of assets that still have active CVEs each day.
Assets with Common Exploits. This chart displays the CVEs with the highest number of associated assets.
Risk Summary
The Risk Summary dashboard is an example of a custom dashboard. This dashboard looks at risk by department and by manager.

The Risk Summary dashboard includes:
Low Risk Assets. Number of assets per day with a risk level of “low”. Note that low risk means there is some risk.
Medium Risk Assets. Number of assets per day with a risk level of “medium”.
High Risk Assets. Number of assets per day with a risk level of “high”.
Assets by Risk Level. Number of assets at each risk level (high, medium, low).
Assets At-Risk by Department. Number of assets with a risk level (low, medium, or high), grouped by department.
Assets At-Risk by Manager. Number of assets with a risk level (low, medium, or high), grouped by manager.
Top-n Assets by Risk Score. Top 100 assets with the highest risk scores.
Most Common Risk Factors. Top 100 risk factors in the environment and the number of assets with each risk.
Most Common Critical CVEs. Top 100 critical CVEs and the number of affected assets for each CVE.
Asset Violations by Department
Using the SANS Vulnerability Management Maturity Model (https://www.sans.org/posters/key-metrics-cloud-enterprise-vmmm/) again, this dashboard focuses on Windows assets missing SentinelOne, Mac assets missing Jamf, and misconfigured cloud instances. This dashboard also displays the department and the users associated with these assets, so that the department can remediate, or so that the IT department can monitor those assets more closely.

The Asset Violations by Department dashboard includes:
Sales Windows Missing SentinelOne. Displays the total number of Windows assets missing SentinelOne that reside in the sales department.
Sales Windows Missing SentinelOne. Displays the Windows assets missing SentinelOne, that reside in the sales department, and the location of those assets.
Sales MacOS Missing Jamf. Displays the total number of MacOS assets missing Jamf and that reside in the sales department.
Sales MacOS Missing Jamf. Displays the MacOS assets missing Jamf, that reside in the Sales department, and the user associated with those assets.
Sales Cloud Instances w/Default SG & Assigned IGW. Displays the total number of cloud instances associated with the default security group but also associated with an internet gateway (public-facing) that reside in the sales department.
Sales Cloud Instances w/Default SG & Assigned IGW. Displays the cloud instances associated with the default security group but also associated with an internet gateway (public-facing), that reside in the sales department, and the location of those assets.
Finance Windows Missing SentinelOne. Displays the total number of Windows assets missing SentinelOne that reside in the finance department.
Finance Windows Missing SentinelOne. Displays the Windows assets missing SentinelOne, that reside in the finance department, and the location of those assets.
Finance MacOS Missing Jamf. Displays the total number of MacOS assets missing Jamf and that reside in the finance department.
Finance MacOS Missing Jamf. Displays the MacOS assets missing Jamf, that reside in the finance department, and the user associated with those assets.
Finance Cloud Instances w/Default SG & Assigned IGW. Displays the total number of cloud instances associated with the default security group but also associated with an internet gateway (public-facing) that reside in the finance department.
Finance Cloud Instances w/Default SG & Assigned IGW. Displays the cloud instances associated with the default security group but also associated with an internet gateway (public-facing), that reside in the finance department, and the location of those assets.
Marketing Windows Missing SentinelOne. Displays the total number of Windows assets missing SentinelOne that reside in the marketing department.
Marketing Windows Missing SentinelOne. Displays the Windows assets missing SentinelOne, that reside in the marketing department, and the location of those assets.
Marketing MacOS Missing Jamf. Displays the total number of MacOS assets missing Jamf and that reside in the marketing department.
Marketing MacOS Missing Jamf. Displays the MacOS assets missing Jamf, that reside in the marketing department, and the user associated with those assets.
Marketing Cloud Instances w/Default SG & Assigned IGW. Displays the total number of cloud instances associated with the default security group but also associated with an internet gateway (public-facing) that reside in the marketing department.
Marketing Cloud Instances w/Default SG & Assigned IGW. Displays the cloud instances associated with the default security group but also associated with an internet gateway (public-facing), that reside in the marketing department, and the location of those assets.
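The three violation checks behind this dashboard (Windows without SentinelOne, MacOS without Jamf, cloud instance in the default security group that also has an internet gateway), grouped by department into the same count-plus-detail pairs the widgets show. This is an added Python example, not Lucidum code or output; the inventory, its field names, and the department, user and location values are constructed for illustration.

```python
from collections import defaultdict
# Constructed sample inventory (not Lucidum data); field names are assumptions.
ASSETS = [
    {"name": "sales-win-02", "os": "Windows", "dept": "sales", "location": "LON",
     "user": "bob", "agents": []},
    {"name": "sales-win-01", "os": "Windows", "dept": "sales", "location": "NYC",
     "user": "alice", "agents": ["SentinelOne"]},
    {"name": "sales-mac-01", "os": "MacOS", "dept": "sales", "location": "NYC",
     "user": "carol", "agents": ["Jamf"]},
    {"name": "fin-win-01", "os": "Windows", "dept": "finance", "location": "SFO",
     "user": "erin", "agents": []},
    {"name": "fin-mac-01", "os": "MacOS", "dept": "finance", "location": "SFO",
     "user": "dave", "agents": []},
    {"name": "i-0abc", "os": "Linux", "dept": "marketing", "location": "us-east-1",
     "user": None, "cloud": {"security_groups": ["default"], "igw": True}},
    {"name": "i-0def", "os": "Linux", "dept": "marketing", "location": "us-east-1",
     "user": None, "cloud": {"security_groups": ["web-sg"], "igw": True}},
    {"name": "i-0ghi", "os": "Linux", "dept": "sales", "location": "eu-west-1",
     "user": None, "cloud": {"security_groups": ["default"], "igw": False}},
]

def windows_missing_sentinelone(a):
    return a["os"] == "Windows" and "SentinelOne" not in a.get("agents", [])
def mac_missing_jamf(a):
    return a["os"] == "MacOS" and "Jamf" not in a.get("agents", [])
def default_sg_with_igw(a):
    # Only the combination is a violation: default SG *and* an attached internet gateway.
    c = a.get("cloud")
    return bool(c) and "default" in c["security_groups"] and c["igw"]
CHECKS = {
    "windows_missing_sentinelone": windows_missing_sentinelone,
    "mac_missing_jamf": mac_missing_jamf,
    "default_sg_with_igw": default_sg_with_igw,
}

def violations_by_department(assets):
    """Map each department to {check name: [asset names]} for every failed check."""
    out = defaultdict(lambda: defaultdict(list))
    for a in assets:
        for name, check in CHECKS.items():
            if check(a):
                out[a["dept"]][name].append(a["name"])
    return {dept: dict(v) for dept, v in out.items()}

def panel(assets, dept, check):
    """The paired widgets: a count plus per-asset detail (user for Jamf, location otherwise)."""
    detail = "user" if check == "mac_missing_jamf" else "location"
    hits = [(a["name"], a[detail]) for a in assets if a["dept"] == dept and CHECKS[check](a)]
    return len(hits), hits
```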
Certificate Summary
The Certificate Summary dashboard, included with Lucidum, displays information about SSL certificates, including information about the key algorithms, expiry dates, CA, and certificate versions.
The Certificate Summary dashboard looks like this:

The Certificate Summary dashboard includes:
Certificates Total. This chart displays the total number of certificates in the environment.
Algorithms. This chart displays the type of key algorithms in use by all the certificates.
Certificates: All Expiry Dates. This chart displays the next five expiry dates for certificates.
Certificates by CA. This chart displays the certificate authorities in use and the number of certificates assigned to each CA.
Certificate Versions. This chart displays the types of certificates in the environment.
Expired Certs. This chart displays the number of certificates that have already expired.
Expired Certs All Expired. This chart displays the domains that have expired certificates.
Full Certificate List. This chart displays all domains with certificates.
Upcoming Expirations. This table lists the expiry dates coming up in the next 60 days and the number of assets that will expire on those dates.
Upcoming Expirations 60 Days Out. This chart displays the domains for which certificates will expire in the next 60 days.
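The panels above computed from a certificate inventory: totals, algorithms, CA and version breakdowns, the next expiry dates, already-expired domains, and the 60-day upcoming-expiration window with its per-date counts. This is an added Python example, not Lucidum code or output; the certificate records, their field names and the assumed "today" date are constructed for illustration.

```python
from collections import Counter
from datetime import date, timedelta

# Constructed sample certificate inventory (not Lucidum output); field names are assumptions.
CERTS = [
    {"domain": "www.example.test", "not_after": date(2024, 7, 15),
     "ca": "Let's Encrypt", "alg": "ECDSA P-256", "version": "v3"},
    {"domain": "api.example.test", "not_after": date(2024, 6, 20),
     "ca": "DigiCert", "alg": "RSA 2048", "version": "v3"},
    {"domain": "mail.example.test", "not_after": date(2024, 6, 20),
     "ca": "DigiCert", "alg": "RSA 2048", "version": "v3"},
    {"domain": "legacy.example.test", "not_after": date(2024, 5, 1),
     "ca": "Internal CA", "alg": "RSA 1024", "version": "v1"},
    {"domain": "vpn.example.test", "not_after": date(2025, 1, 10),
     "ca": "Internal CA", "alg": "RSA 4096", "version": "v3"},
]
AS_OF = date(2024, 6, 1)  # assumed "today" for the sample

def certificate_summary(certs, today, window_days=60):
    """Compute the Certificate Summary panels from an inventory of certificates."""
    horizon = today + timedelta(days=window_days)
    expired = [c for c in certs if c["not_after"] < today]
    upcoming = [c for c in certs if today <= c["not_after"] <= horizon]
    return {
        "total": len(certs),
        "algorithms": dict(Counter(c["alg"] for c in certs)),
        "by_ca": dict(Counter(c["ca"] for c in certs)),
        "versions": dict(Counter(c["version"] for c in certs)),
        # Certificates: All Expiry Dates -> the next five distinct expiry dates still ahead
        "next_expiry_dates": sorted({c["not_after"] for c in certs if c["not_after"] >= today})[:5],
        "expired_count": len(expired),
        "expired_domains": sorted(c["domain"] for c in expired),
        # Upcoming Expirations -> date: number of certificates expiring that day, within the window
        "upcoming_by_date": dict(sorted(Counter(c["not_after"] for c in upcoming).items())),
        "upcoming_domains": sorted(c["domain"] for c in upcoming),
    }

def example_summary():
    return certificate_summary(CERTS, AS_OF)

if __name__ == "__main__":
    for panel, value in example_summary().items():
        print(f"{panel}: {value}")
```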
EOL Operating Systems
The EOL Operating Systems dashboard, included with Lucidum, provides information about operating systems and operating system versions, including EOL operating systems.
The EOL Operating Systems dashboard looks like this:

The EOL Operating Systems dashboard includes:
All Windows Assets by OS Version. This chart displays the total number of Windows assets for each Windows OS version.
EOL Windows Assets by OS Ver. This chart displays all the end-of-life Windows versions in the environment and the number of assets running each EOL version of Windows.
All MacOS Assets by OS Version. This chart displays the total number of Mac assets for each MacOS version.
EOL MacOS Assets by OS Version. This chart displays all the end-of-life MacOS versions in the environment and the number of assets running each EOL version of MacOS.
EOL Windows Assets (Not Including AWS Generic "WINDOWS" EC2). This chart displays the name of each asset running an EOL version of Windows and the number of vulnerabilities associated with each asset.
EOL Windows Assets by Department (Not Including AWS Generic "WINDOWS" EC2). This chart displays the name of each department that has EOL Windows assets and the number of such assets in each department.
EOL MacOS Assets. This chart displays the name of each asset running an EOL version of MacOS and the number of vulnerabilities associated with each asset.
EOL MacOS Assets by Department. This chart displays the name of each department that has EOL MacOS assets and the number of such assets in each department.