F-Secure Radar ticketing

I personally don’t use ticketing systems integrated in VM solutions. I think it’s hard to explain IT guys why they should use yet another ticketing system for patching tasks only additionally to their main Jira or whatever they use (see “Vulnerability scanners: a view from the vendor and end user side“).

But I assume that for some companies this feature may be useful or even critical.

Anyway, it’s always nice to see how the vendor works with vulnerability data to get some ideas for own ticketing procedures (see “VM Remediation using external task tracking systems“).

In F-Secure Radar you can create tickets at “Vulnerabilities” tabs. Here is the a whole list of detected vulnerabilities (filtered by CVSS > 8 by default).

F-Secure Ticketing

You can filter them by family mane, vulnerability name, host, scan group, severity (CVSS), etc.:

F-Secure Filter Vulnerabilities

And then choose some vulnerabilities and create a new ticket:

New Тicket Wizard

Ticket attributes: name, description, deadline, assigned user, priority. This ticket may be assigned to a F-Secure Radar user.

New Ticket Wizard 2

Here is our new ticket and some filtering options (by assigned user, ticket status and deadlines):

New Ticket

This user may change statuses of vulnerabilities, for example mark it as already patched or false positive.

Ticket Details

Statuses And Activities

Available ticket statuses (New, Accepted, Test, Invalid, Fixed, Duplicate):

Ticket Statuses

After the ticket is fixed, related hosts may be rescanned.

Confirmation And Rescan

I wanted to check, what if the host won’t be available during the rescan. I switched off virtual machine and started rescan task.

Scan Initialized

As you can see, F-Secure, visualize that vulnerabilities has gone (-10 -15 -3 -6).

no difference between failed and all patched scan

Is this behavior correct? In my opinion, it’s not. I prefer to see the proof, that the host was scanned normally and the scanner didn’t detect vulnerability there because applications version changed. That’s why I prefer to code this logic for myself using raw vulnerability data and don’t use standard ticketing systems and dashboards.

However, F-Secure Radar has pretty advanced ticketing options. A it’s nice that you can manage it automatically using the API.

2 thoughts on “F-Secure Radar ticketing

  1. Pingback: F-Secure Radar Vulnerability Management solution | Alexander V. Leonov

  2. Pingback: Gartner’s view on Vulnerability Management market | Alexander V. Leonov

Leave a Reply

Your email address will not be published. Required fields are marked *