From c5723f3fa9fbb62e7c58b779efa790aeb540a6ed Mon Sep 17 00:00:00 2001 From: Agil Antony Date: Wed, 23 Oct 2024 19:41:52 +0530 Subject: [PATCH] ROX26681 NVD CVSS documentation ROX26681 Improvements ROX26681 Improvements ROX26681 SME feedback ROX26681 Formatting fix --- ...dentify-vulnerabilities-in-nodes-vm20.adoc | 8 ++-- ...rability-management20-creating-report.adoc | 38 +++++++++++++------ .../vulnerability-management20-view-cve.adoc | 8 +++- 3 files changed, 39 insertions(+), 15 deletions(-) diff --git a/modules/identify-vulnerabilities-in-nodes-vm20.adoc b/modules/identify-vulnerabilities-in-nodes-vm20.adoc index 78cc78a888c3..3757a88b7474 100644 --- a/modules/identify-vulnerabilities-in-nodes-vm20.adoc +++ b/modules/identify-vulnerabilities-in-nodes-vm20.adoc @@ -41,7 +41,10 @@ a| a| * *Name*: The name of the CVE. * *Discovered time*: The date when {product-title-short} discovered the CVE. -* *CVSS*: The severity level for the CVE. You can select from the following options for the severity level: +* *CVSS*: The severity level for the CVE. ++ +The following values are associated with the severity level for the CVE: ++ ** *is greater than* ** *is greater than or equal to* ** *is equal to* @@ -61,5 +64,4 @@ a| . Optional: To refine the list of results, do any of the following tasks: * Click *CVE severity*, and then select one or more levels. * Click *CVE status*, and then select *Fixable* or *Not fixable*. -. Optional: To view the details of the node and information about the CVEs according to the CVSS score and fixable CVEs for that node, click a node name in the list of nodes. - +. Optional: To view the details of the node and information about the CVEs according to the CVSS score and fixable CVEs for that node, click a node name in the list of nodes. \ No newline at end of file diff --git a/modules/vulnerability-management20-creating-report.adoc b/modules/vulnerability-management20-creating-report.adoc index 863d7c53392e..1e842d302960 100644 --- a/modules/vulnerability-management20-creating-report.adoc +++ b/modules/vulnerability-management20-creating-report.adoc @@ -12,18 +12,34 @@ .Procedure . In the {product-title-short} portal, click *Vulnerability Management* -> *Vulnerability Reporting*. . Click *Create report*. -. Enter a name for your report configuration in the *Report name* field. -. Optional: Enter text describing the report configuration in the *Report description* field. -. In the *CVE severity* field, select the severity of common vulnerabilities and exposures (CVEs) that you want to include in the report configuration. -. Select the *CVE status*. You can select *Fixable*, *Unfixable*, or both. -. In the *Image type* field, select whether you want to include CVEs from deployed images, watched images, or both. -. In the *CVEs discovered since* field, select the time period for which you want CVEs to be included in the report configuration. -. In the *Configure collection included* field, you must configure at least one collection. Complete any of the following actions: -* Select an existing collection to include. To view the collection information, edit the collection, and get a preview of collection results, click *View*. When viewing the collection, entering text in the field searches for collections matching that text string. -* Click *Create collection* to create a new collection. +. In the *Configure report parameters* page, provide the following information: +** *Report name*: Enter a name for your report configuration. +** *Report description*: Enter a text describing the report configuration. This is optional. +** *CVE severity*: Select the severity of common vulnerabilities and exposures (CVEs) that you want to include in the report configuration. +** *CVE status*: Select one or more CVE statuses. ++ +The following values are associated with the CVE status: ++ +*** *Fixable* +*** *Unfixable* +** *Image type*: Select one or more image types. ++ +The following values are associated with image types: ++ +*** *Deployed images* +*** *Watched images* +** *CVEs discovered since*: Select the time period for which you want to include the CVEs in the report configuration. +** Optional: Select the *Include NVD CVSS* checkbox, if you want to include the NVD CVSS column in the report configuration. +** *Configure collection included*: To configure at least one collection, do any of the following tasks: +*** Select an existing collection that you want to include. ++ +To view the collection information, edit the collection, and get a preview of collection results, click *View*. ++ +When viewing the collection, entering text in the field searches for collections matching that text string. +*** To create a new collection, click *Create collection*. + [NOTE] ==== -For more information about collections, see "Creating and using deployment collections" in the "Additional resources" section. +For more information about collections, see "Creating and using deployment collections". ==== -. Click *Next* to configure the delivery destinations and optionally set up a schedule for delivery. +. To configure the delivery destinations and optionally set up a schedule for delivery, click *Next*. \ No newline at end of file diff --git a/modules/vulnerability-management20-view-cve.adoc b/modules/vulnerability-management20-view-cve.adoc index 5f57d80ec0bb..c98465ec6e7f 100644 --- a/modules/vulnerability-management20-view-cve.adoc +++ b/modules/vulnerability-management20-view-cve.adoc @@ -45,12 +45,18 @@ a| a| * *Name*: The name of the CVE. * *Discovered time*: The date when {product-title-short} discovered the CVE. -* *CVSS*: The severity level for the CVE. You can select from the following options for the severity level: +* *CVSS*: The severity level for the CVE. ++ +The following values are associated with the severity level for the CVE: ++ ** *is greater than* ** *is greater than or equal to* ** *is equal to* ** *is less than or equal to* ** *is less than* +* *NVD CVSS*: The National Vulnerability Database (NVD) provides a CVSS score between `0` to `10` for a CVE based on the severity of the vulnerability. ++ +For more information, see link:https://nvd.nist.gov/vuln-metrics/cvss[Vulnerability Metrics]. |Image Component a|