During February we are releasing a new Vulnerability Metrics tab on the edgescan dashboard.
Currently Full Reporting & API access for metrics is available, so that you can report on any asset or vulnerability at any time, open or closed. We also offer the ability to report on assets that are tagged with a user defined attribute.
The tagging feature allows you to tag assets in edegscan however you wish, with single or multiple tags.
The current metrics include:
- Risk over time
- Vulnerability count
- Asset Risk
- Recent activity
- Vuln opened
- Vuln closed
- Asset discovered
- New port/service discovered on exposed asset.
- Note added to asset
- Host rediscovered
Below are some new metrics scheduled for release Q2 2019.
- Remediation Performance Score:
Your Remediation Performance Score is an overall health score for your assets; it allows you to see clearly how your assets performing in terms of security. To calculate this score, all other metric scores for your assets are taken into account. They are intelligently combined and weighted to calculate this all-encompassing metric.
See image below for metrics dashboard:
- Average Patch Performance:
The Average Patch Performance is the Mean Time to Remediate for assets which have vulnerabilities which have CVE records associated with them.
- Max Severity:
This is the maximum severity value associated with the vulnerabilities on your assets.
- CVSS Percentage (high/low):
Your CVSS Asset Percentage is the percentage of your assets which have vulnerabilities with a CVSS score above a certain threshold. There are two brackets into which assets can fall for this metric:
Medium: Assets which have vulnerabilities with a CVSS score above 4. This also includes all assets in the high bracket.
High: All assets which have vulnerabilities with a CVSS score above 7.
- Mean Time To Remediate:
Mean Time to Remediate is the average time taken from a vulnerability being opened on one of your assets to the closing of that vulnerability. This value is first calculated over all vulnerabilities on an asset and then those values are aggregated to find the average value per asset. This metric is broken down by vulnerability risk levels.
- Average Assessment Count:
Your Average Assessment Count is the mean number of security assessments which have been completed on your assets.
- Vulnerable Asset Percentage:
Your Vulnerable Asset Percentage is the percentage of your assets which have a vulnerability which has a risk rating of high or critical.