Add risk level severities to docs #4037

Status: Open. Wants to merge 5 commits into base branch main.
12 changes: 12 additions & 0 deletions docs/source/manual/user-manual.rst
Expand Up @@ -61,6 +61,18 @@ Findings

The findings page gives an overview of all findings found by KAT. The filter section can be used to apply various filters to show specific findings (e.g. critical findings only) and/or hosts. The search bar can be used to search for specific findings or hosts. Clicking on a finding shows more information on this finding. Each finding can be viewed in the tree or graph by clicking the corresponding icons behind the finding.

Findings can have one of the following risk levels:

* **Critical:** critical findings may pose an immediate risk to the organization. The recommendation is generally to fix these findings immediately.
* **High:** high findings may pose an immediate risk to the organization. The recommendation is generally to fix these as soon as possible.
* **Medium:** medium findings may pose a risk to the organization. These findings can usually be picked up within maintenance windows and/or be scheduled work.
* **Low:** low risk findings may pose a risk to the orgazitation. These findings usually leak information and can be picked up within maintenance windows and/or be scheduled work.
* **Recommendations:** recommendation risk findings may pose a risk to the organization. These usually are configurations and settings can could be adjusted to improve the security of your environment.
* **Unknown:** OpenKAT was unable to determine the risk level for this finding. The reason for this could be that no classification has been given yet (e.g. CVE which hasn't been classified), or OpenKAT was not able to properly determine the impact on your environment. These findings usually require that the user determines the impact.
* **Pending:** pending risk findings do not have an assigned risk level (yet). Usually this means that the normalizer hasn't parsed these findings yet. Check the Normalizer section on the Tasks page to see if the KAT Finding Types normalizer is scheduled.

**Note on risk levels:** Risk severities only look at individual risks of findings. Attackers can possibly chain (combine) vulnerabilities (e.g. with a low and/or medium risk level) and combine them to form a more complex attack and possibly more critical risk. These types of findings are **not** indicated by OpenKAT. These types of attacks are generally spotted during human executed penetration testing.

A finding is also an object in the data model. This simply means that the finding can also be found on the Objects page.

.. image:: img/findings.png
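Review bot: The Critical and High bullets are indistinguishable in their risk description ("may pose an immediate risk to the organization" appears verbatim in both), so a reader cannot tell from the text why a finding lands in one level rather than the other; only the remediation timing differs. Suggest giving Critical a distinguishing criterion the project actually uses (for example that exploitation is trivial or the impact is organization-wide), or, if the levels are defined purely by remediation urgency, say so explicitly in the "Findings can have one of the following risk levels" sentence. Two typos in the added lines also need fixing before merge: "orgazitation" in the Low bullet should read "organization", and "settings can could be adjusted" in the Recommendations bullet should read "settings that could be adjusted". Minor consistency point: the label "Recommendations" is plural while the other levels are singular; "Recommendation" would match the surrounding bullets and the "recommendation risk findings" wording in the same line.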