Dashboard Toolbox - VM DASHBOARD: Microsoft CryptoAPI Spoofing (CVE-2020-0601) v2

Document created by DMFezzaReed Employee on Jan 15, 2020Last modified by DMFezzaReed Employee on Apr 15, 2020
Version 9Show Document
  • View in full screen mode

This page contains information to create a Microsoft CryptoAPI Spoofing (CVE-2020-0601) Dashboard v2 leveraging data in your Qualys Vulnerability Management subscription. 

Jan 22, 2020 DMFezzaReed

 

Version 1 of this dashboard uncovered a bug in the "Group By" function within the widgets which has been corrected in Version 2.  I have removed the original json and replaced it with a new file. 

 

  • The bug found was related to grouping by "Vulnerability by OS". 
  • The widgets have be updated to now group by Asset "Operating System".  

 

April 2020: In preparation for GA release, this dashboard has been reviewed and improved to leverage current product functionality.

 

Vulnerability Management Dashboard BETA Closed with the Release of Portal 3.0

Cloud Platform (QWEB 10.0, Portal 3.0)

 

Related Qualys Blog Post: Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) – How to Detect and Remediate   

Related Community Discussion: CVE vs. QID  Added Jan 20, 2020

 

Additional Community Posts: 

 

Vulnerability Details

 

Consider the possibilities for this dashboard.  It could be updated to report by status (vulnerabilities.status: [NEW,ACTIVE,REOPENED,FIXED]), or patchable vs. configuration (vulnerabilities.vulnerability.patchAvailable: TRUE/FALSE).  For examples of widgets using these tokens, please visit Dashboard Toolbox - Top 10 Vulnerabilities Scorecard BETA.

 

IMPORTANT: Importing Dashboard and/or Widget JSON files - Enable historical data collection

 

When you export dashboard(s) and/or widget(s) that have "Enable historical data collection" turned on, and then import them later, you will have to manually "Enable historical data collection" following your import.  This is by design.  The action of turning on this feature starts the clock for data retention.

 

 

If you have any questions, please post them below, contact your TAM, or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc..

 

 

 

Back to Dashboards and Reporting Resources - Start Here 

Back to Dashboard Toolbox - New Vulnerability Management (VM) Dashboard BETA [CLOSED] 

Outcomes