CVEs Prioritization

Overview

Panoptica scans for vulnerabilities using several tools and threat intelligence feeds, including:

  1. AWS EC2 disk scanning
  2. K8s image scanning
  3. Intsights - vulnerabilities and darknet threat intelligence
  4. Shodan - public assets network scanner
  5. Spyse - public assets threat intelligence

Prioritization of CVEs

To reduce alert overload, Panoptica prioritizes the long list of vulnerabilities found in your environment. This lets you focus on the CVEs that matter most: the ones whose remediation has the greatest impact on your security posture, with less effort spent reviewing the rest.

As an example, in the image below, Panoptica detected 3,488 vulnerabilities across all accounts. Filtering by "Prioritized: True" reduces that list to 425 CVEs.

How Does the Prioritization Work?

A vulnerability is marked as prioritized if it matches any of the following rules (the score thresholds are strict, so a CVSS score of exactly 8 or 9 does not satisfy "higher than 8" or "higher than 9"):

  1. Any vulnerability that is publicly exposed and was detected by a network scanner.
  2. Any exploitable vulnerability with a network attack vector that resides in a public asset.
  3. Any vulnerability with a network attack vector and a CVSS score higher than 8 that resides in a public asset.
  4. Any vulnerability with a local attack vector and a CVSS score higher than 8 that is related to a detected potential attack path.
  5. Any vulnerability with a CVSS score higher than 9 whose attack vector is not physical.
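
The five rules above can be read as a simple ordered filter over vulnerability findings. The following is an added example written for this page, not Panoptica's own implementation: it evaluates the rules against a handful of constructed sample findings and reports which rule (if any) prioritized each one. The record layout (a `Finding` with `cvss`, `attack_vector`, `public_asset`, `network_scanner_detected`, `exploitable` and `on_attack_path` fields) is an assumption chosen for the example, as is the reading of "attack vector" as the CVSS Attack Vector metric (network, adjacent, local, physical) and of "publicly exposed" as residing in a public asset.

```python
"""Added example: reference implementation of the five CVE prioritization rules.

This is illustrative code written for this page, not Panoptica's own logic.
Field names on Finding are assumptions; Panoptica's data model may differ.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Finding:
    name: str                       # label for the finding (constructed samples below)
    cvss: float                     # CVSS base score
    attack_vector: str              # assumed CVSS AV: "network", "adjacent", "local", "physical"
    public_asset: bool = False      # finding resides in an internet-facing asset
    network_scanner_detected: bool = False  # a public network scanner observed it
    exploitable: bool = False       # a working exploit is known for it
    on_attack_path: bool = False    # asset is part of a detected potential attack path


def prioritization_reason(f: Finding) -> Optional[str]:
    """Return the first matching rule as a short string, or None if not prioritized.

    Rules are checked in the order the page lists them; a finding matching
    several rules is still reported once, with the first match.  Thresholds
    are strict (> 8, > 9), exactly as the page states them.
    """
    if f.public_asset and f.network_scanner_detected:
        return "rule 1: publicly exposed and detected by a network scanner"
    if f.public_asset and f.attack_vector == "network" and f.exploitable:
        return "rule 2: exploitable, network vector, public asset"
    if f.public_asset and f.attack_vector == "network" and f.cvss > 8:
        return "rule 3: network vector, CVSS > 8, public asset"
    if f.attack_vector == "local" and f.cvss > 8 and f.on_attack_path:
        return "rule 4: local vector, CVSS > 8, on a detected attack path"
    if f.cvss > 9 and f.attack_vector != "physical":
        return "rule 5: CVSS > 9, non-physical vector"
    return None


def prioritize(findings: List[Finding]) -> List[Tuple[str, str]]:
    """Return (name, reason) for every finding that is prioritized."""
    result = []
    for f in findings:
        reason = prioritization_reason(f)
        if reason is not None:
            result.append((f.name, reason))
    return result


def summarize(findings: List[Finding]) -> Tuple[int, int]:
    """Return (total findings, prioritized findings), the two numbers the page contrasts."""
    return len(findings), len(prioritize(findings))


# Constructed sample findings (not real CVEs); each one targets a specific rule or a miss.
SAMPLES = [
    Finding("sample-1", 5.0, "network", public_asset=True, network_scanner_detected=True),
    Finding("sample-2", 7.5, "network", public_asset=True, exploitable=True),
    Finding("sample-3", 8.8, "network", public_asset=True),
    Finding("sample-4", 8.8, "local", on_attack_path=True),
    Finding("sample-5", 9.8, "local"),
    Finding("sample-6", 9.8, "physical"),                 # physical vector: never prioritized by rule 5
    Finding("sample-7", 8.0, "network", public_asset=True),  # exactly 8 is not "higher than 8"
    Finding("sample-8", 8.8, "network"),                  # network, CVSS > 8, but not a public asset
]

if __name__ == "__main__":
    for name, reason in prioritize(SAMPLES):
        print(f"{name}: {reason}")
    total, prioritized = summarize(SAMPLES)
    print(f"{prioritized} of {total} findings prioritized")
```

Samples 6 through 8 illustrate the edges worth checking in any reimplementation: a critical score on a physical vector, a score sitting exactly on the threshold, and a high-severity network finding on an asset that is not public all fall through every rule.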