Cyber GRC Ideas Portal
ADD A NEW IDEA

Threat & Vulnerability Management

Showing 11

No provision to find Vulnerability Ageing

Adding Vilnerability Ageing to the Rule Wizard and Calculate & Fetch the First Identified Date and Last Scanned date from tenable-to configure the automation for items that are not compliant as per the risk appetite Customer use Tenable ...
Guest about 5 years ago in Threat & Vulnerability Management 0 Pending Roadmap Inclusion

assets that are linked to critical processes or to critical business objectives should automatically have a high business criticality

this would allow users to have a top-down approach to managing the business criticality of assets.
Guest about 7 years ago in Threat & Vulnerability Management 1 Pending Roadmap Inclusion

Triggering single issue for tracking same vulnerabilities across different assets.

we need the feature to create single issue for tracking same vulnerabilities. For example if the identified vulnerability affects more than one asset (Server), we need the ability to create single issue to track the patching remediation for all th...
Guest about 8 years ago in Threat & Vulnerability Management 1 Pending Roadmap Inclusion

Configurable connectors

SABB has no asset/CMDB like Atrium. They want the Nexpose connector to create Asset/Asset-Class GRC library from the vulnerability information itself. Creating asset from Nexpose feed through ETL and business criticality to be governed by fields ...
Guest over 6 years ago in Threat & Vulnerability Management 0 Pending Roadmap Inclusion

Data feed from external scanning vendors should be up-loadable and tracked in MSI platform using ISM

SABB employs the services of 2 external vendors to scan the internet facing IP addresses to check for any vulnerabilities. These results (2 different excel formats) should be up-loadable into the system. The external IP can in fact refer to the sa...
Guest over 6 years ago in Threat & Vulnerability Management 0 Pending Roadmap Inclusion

Auto closure of issues if related vulnerability is not active

Issues created by vulnerability scan should be auto-closed if in the subsequent scans, that vulnerability is not active A new source type – External Vulnerability Update to be supported in Issue management app. This feature should be an optional f...
Guest over 6 years ago in Threat & Vulnerability Management 0 Pending Roadmap Inclusion

New comparison report to track SLA adherence

The SLA applied by TVM team on IT resource users is 90 days. All the issues open on the 1st day of the quarter has to be stored (Issue, Action, start date, Due Date, Title, Pending with, Owner by Org, Owner etc.,). The same vulnerabilities/issues ...
Guest over 6 years ago in Threat & Vulnerability Management 0 Pending Roadmap Inclusion

Pre-Vulnerability scan workflow and Approval workflow

Users can raise request/ticket for server movement, new server commissioning, production movement etc., This will trigger Nexpose scan on the target IP by TVM coordinator Once the vulnerability scan results are out and no issues are triggered, the...
Guest over 6 years ago in Threat & Vulnerability Management 0 Pending Roadmap Inclusion

When Scanning the key should be configurable from IP address to Hostname

When assets are pulled in from CMDB Service Now IP address information is not held. Therefore the scanner will pick up many IP addresses where the Asset is available but no IP information is entered. The ask is to include in M7 the ability to conf...
Guest over 7 years ago in Threat & Vulnerability Management 2 Pending Roadmap Inclusion

Add Process linkage as an attribute in Remediation Rule setup.

From an integrated GRC approach it adds value to have an Asset's Process linkage available under Asset vocabulary when defining Remediation Rules.
Deleted User over 8 years ago in Threat & Vulnerability Management 0 Pending Roadmap Inclusion