2.2 Vulnerability Scanning
fusion center
A formal repository of information from enterprises and the government used to share information on the latest attacks.
Vulnerability scan
A frequent and ongoing process, often automated, that continuously identifies vulnerabilities and monitors cybersecurity progress.
Common Vulnerability Scoring System (CVSS)
A numeric rating system of the impact of a vulnerability.
log
A record of events that occur.
credentialed scan
A scan in which valid authentication credentials, such as usernames and passwords, are supplied to the vulnerability scanner to mimic the work of a threat actor who possesses these credentials.
Security orchestration, automation, and response (SOAR)
A tool designed to help security teams manage and respond to the very high number of security warnings and alarms by combining comprehensive data gathering and analytics in order to automate incident response.
Security Information and Event Management (SIEM)
A tool that consolidates real-time security monitoring and management of security information with analysis and reporting of security events.
Common Vulnerabilities and Exposures (CVE)
A tool that identifies vulnerabilities in operating systems and application software.
Intrusive scan
A vulnerability scan that attempts to employ any vulnerabilities which it finds, much like a threat actor.
nonintrusive scan
A vulnerability scan that does not attempt to exploit the vulnerability but only records that it was discovered.
non-credentialed scan
A vulnerability scan that provides no authentication information to the tester.
Log reviews
An analysis of log data.
maneuvering
Conducting unusual behavior when threat hunting.
threat feeds
Cybersecurity data feeds that provide information on the latest threats.
false negative
Failure to raise an alarm when there is a problem.
Threat hunting
Proactively searching for cyber threats that thus far have gone undetected in a network.
false positive
Raising an alarm when there is no problem.