Table of Contents
Introduction
This article and video will provide an overview of the power of custom filters in Falcon Spotlight. Spotlight provides customers with realtime data about the vulnerabilities in the environment. With custom filters, organizations can quickly sort that data to focus on critical assets, vulnerabilities and remediations. Those filters can then be saved for repeat use in the future.
Video
https://www.youtube.com/watch?v=3E7XWpOurAs
Filtering Vulnerability Data
By default, the Spotlight dashboard displays a summary of all open vulnerabilities in the environment with a breakdown by severity.
That data can be filtered using the faceted search at the top of the page or a number of other attributes shown in the menu below.
Once the desired criteria are in place, users also have the option to save that filter for repeat use. In the example below, the new saved filter will identify all open, critical vulnerabilities on hosts in the remote systems group. Filters can also be created from the “Custom Filters” app.
Using Saved Filters
Once filters are saved, they can be accessed from the pull down menu on the Spotlight dashboard or the Vulnerabilities app.
Upon selecting a saved filter, the criteria and results are immediately displayed. The “New Firefox vulnerabilities” filter reflects only vulnerabilities in the Firefox product that have been opened in the last thirty days.
With the custom filter in place, users still have the ability to use the menu bar to further filter the information. However, there is also the option to “group” the resulting vulnerabilities by host, product, product version and remediation. These options provide different views of the data to help prioritize patching efforts.
Prioritized Remediation
Because a given patch or upgrade can resolve multiple vulnerabilities, grouping vulnerabilities by remediation helps organizations quickly understand how they can quickly address large groups of vulnerabilities. In the example below, the filter displays high and critical severity open vulnerabilities in the San Francisco office. Grouping by host indicates that all of the reporting vulnerabilities exist on one host. Grouping by remediation shows which two updates should be installed first to address the vast majority of the vulnerabilities.
Closing
Falcon Spotlight provides custom filters and prioritized remediation to help companies quickly understand vulnerability data, identify risk and prioritize remediation.
More resources
Leave a Reply