This page is designed to help you understand what the graphs and metrics mean on various pages throughout Nucleus. This will explain how the charts are calculated, and what information you may be able to pull from them.
This page is organized by Left-hand Menu item as the big header, and panel titles in smaller headers to help you find the exact locations within Nucleus to which this page refers.
Vulnerability Trends Chart
The vulnerability trends chart is a measure of how your organization is doing over time in closing vulnerabilities of different severities. The trends chart measures the number of open vulnerabilities in your organization on different dates so that you can extrapolate the measure of effectiveness for your vulnerability management team. This chart is designed to show stakeholders the progress, or need for budget, for your vulnerability management program in as simple a view as possible.
All of the results from your vulnerability scan results are displayed over time, with different lines referring to different severity vulnerabilities, such as high, medium, or low. This chart is great evidence for your C-suite to see how you are managing your vulnerabilities and risk over time.
This chart is designed to give you a glimpse very quickly into what vulnerabilities have been discovered recently. It is a timeline from all your scans, in the time period you choose, to show you when vulnerabilities of different severities have been found.
In a nutshell, this chart allows you to see changes between scans, which resulted in new vulnerabilities, and on what date, very quickly. This allows a vulnerability analyst to investigate the cause of the new vulnerabilities on that scan or during that specific period of time when multiple (or severe) vulnerabilities were introduced to the organization.
Similarly, the vulnerabilities remediated chart is the opposite of "Vulnerabilities Discovered". It shows the "metadata" metrics for changes between scans, from the perspective of vulnerabilities being fixed rather than discovered. This allows analysts or stakeholders to investigate how certain changes may have affected the overall risk to the organization on specific dates or software releases.
Average Vulnerability Lifetime
Average vulnerability lifetime is meant to give your organization and stakeholders a measure of how long vulnerabilities of different severities stayed open before being fixed. Nucleus takes all of the vulnerabilities remediated and takes the average remediation time at various severity levels so that an organization is able to determine if they are meeting their organizational SLA's and to give insight into the effectiveness of the vulnerability management program from that perspective. For example, it allows a user to report to the C-suite, with evidence, that they are patching all critical vulnerabilities within 14 days of discovery.
Currently, the chart is specifically calculated based on vulnerabilities remediated. The amount of time that the vulnerability was open to when it was confirmed fixed is the remediation time as calculated in Nucleus.
Vulnerabilities by Scan Type
This chart is intended to give a user a quick view into which tools found which vulnerabilities. Just knowing how many vulnerabilities are open or how many assets are affected by different vulns is not enough to effectively analyze your tools and determine which are providing the most value to your organization. The Vulnerabilities by Scan Type chart gives a user the ability to quickly see and judge which types of vulnerabilities are the most prevalent, and from which tools they are found. Ideally, this will also allow you to judge different tools' effectiveness over time by comparing the findings of different tools to each other at a high level.
This chart also allows a user to drill down into the vulnerability data in a different way. Clicking on one of the bars in the chart at a severity level brings the user to that view and take action based on the conext of that vulnerability data. For example, if a user only wanted to see Critical Nessus vulnerabilities, then clicking on the Nessus bar at the Critical level will bring the user to the list of all critical vulnerabilities found by Nessus. Note, this is especially useful if the organization is feeding in the results from multiple Nessus scanners to the same project in Nucleus.
The project overview chart is intended to give a snapshot of where the organization is currently from a vulnerability management perspective. The metrics contained within these circles are high level and allow a user to drill down into the data in different ways depending on the needs of the user.
All of the circles contained within this panel are clickable and allow you to view the data which the circle is describing. For example, if a user wants to see all exploitable vulnerabilities present in their organization, they could simply click on the "Exploitable Vulns" circle, and it will take them to a list of vulnerabilities which meet that criteria, with the ability to fully manage the vulnerability lifecycle for each of those vulnerabilities.
The metrics panel is meant to give a snapshot of the trends over time in the organization, without the need to go to the Vulnerability Trends page for a full in-depth view.
The metrics panel shows the same criteria as the vulnerability trends page, at benchmarked time periods. The bottom three panels on the vulnerability trends page correspond to the metrics panel on the project dashboard.
Note, if you have phishing assessments set up to be ingested into Nucleus, the trends over time for those tests will be displayed in the metrics panel as well.