Search for Vulnerabilities
A workflow guide for searching for vulnerabilities in Epiphany.
Epiphany allows you to quickly search for any vulnerability within its database by going to the Attack Path Tools -> Vulnerabilities page and using the Vulnerability Lookup tool. The tool is designed to reduce the time you spend finding the data you need about the latest vulnerability, or to help you prioritize what to do next. The Dashboard's toolbox includes environmental and attack path components specifically designed to track vulnerabilities and highlight their use in attack paths. For the Epiphany-specific process we'll use the following workflow:
Go to Attack Path Tools -> Vulnerabilities.
Search for a vulnerability.
Review the results.
The Vulnerability Lookup tool provides quick access to all the vulnerability knowledge within Epiphany for you to use in your vulnerability management decisions.
The Vulnerability Lookup tool supports full-text search, meaning you can enter the CVE number of the vulnerability, keywords such as the affected application, or remediation-related terms. Epiphany will locate all the matches in the database. To reduce the time you spend searching through the data, Epiphany only displays results for vulnerabilities that appear within your environment. A couple of key items in the search table to keep in mind:
EIP Score. This score is the Epiphany model's evaluation of the viability of this vulnerability for exploitation. This is the default ranking system Epiphany uses for how "bad" a vulnerability might be in your environment.
Type. This classifies the vulnerability by how and "where" an attacker would use it. Epiphany classifies three types of vulnerabilities you need to know about: remote code execution (RCE), social engineering (SE), and local privilege escalation (LPE). These are the three main types used by attackers to gain a foothold and move throughout the environment.
Host Count. This is the number of devices within the environment that have this vulnerability present.
NOTE: Clicking on the Host Count displays a searchable list of all the devices affected by the vulnerability. From here you can narrow down the results to just those in paths or those that meet some other criteria.
Epiphany is all about speed. Everything you want to know is at your fingertips in Epiphany, including vulnerability data. To get the best results when searching through the vulnerability data, and Epiphany in general, always include in_path=True with your search so that you start with only those devices or identities that are exposed to an attack path, then widen or narrow your search from there. Happy hunting!