Confidence level

Nils · ‎06-20-2023

TL;DR-Sweepy-Icon (1).png
This page explains the confidence level in greater detail, delving into the default filter and showing options to display the confidence level of CVEs.

The confidence level depicts the accuracy of vulnerability correlation, and can be categorized as either "Low" or "High." A high confidence level indicates a high degree of certainty that the vulnerability has been correctly identified and correlated, while a low confidence level implies a lesser degree of certainty. This additional information helps you gauge the reliability and credibility of vulnerability findings.

This article shows you how to adjust the default confidence filter, and how to check the confidence level for either all vulnerabilities, or for the vulnerabilities affecting a specific asset.

Adjust the confidence level filter

Your list of active vulnerabilities is filtered by confidence level by default. This means the list will only display Common Vulnerabilities and Exposures (CVEs) with a "High" confidence level.

If you want to adjust the confidence filter:

Go to Risk Insights > Active vulnerabilities.
Select Advanced filter view to adjust the default filter.
Alternatively, select the Advanced filter icon to adjust the filter.
Once you're happy with the filter, select Apply.

You can save your filters by hovering over Unsaved view and selecting Save view and configurations. Take a look at customizing the list of vulnerabilities for more information on custom views.

Display the confidence level

In some cases, you might want to see all CVEs regardless of their confidence level. Still, you may want to be able to track the confidence level for some CVEs.

Add the confidence column

Instead of opening each CVE for a detailed overview, you can add the confidence column to the list of vulnerabilities.

Go to Risk Insights > Active vulnerabilities.
Select Customize view.
In the list of available columns, add Confidence. You can adjust the position of the column to your liking.
Once you're happy with the custom view, select Apply.

You can save your custom view by hovering over Unsaved view and selecting Save view and configurations. Take a look at customizing the list of vulnerabilities for more information on custom views.

CVEs can have the value " 2 confidence" in the Confidence column. As the confidence level is calculated for each match between an asset and a CVE, some CVEs may have a confidence level with more than one value. This means that some affected assets will have a high confidence level, and some will have a low confidence level.
Confidence level 3.png

Inspect specific assets

If you want to focus on assets instead of certain CVEs, you can track the confidence level from the asset overview as well.

Go to Inventory.
Select the asset you want to inspect, and select Risk insights.
Track the confidence level for each listed CVE from the Confidence column.

By default, only active vulnerabilities with a high confidence level are displayed. You can select Show all active vulnerabilities or Show ignored vulnerabilities to inspect those as well.

Was this post helpful? Select Yes or No below!
Did you have a similar issue and a different solution? Or did you not find the information you needed? Create a post in our Community Forum for your fellow IT Heroes!
More questions? Browse our Quick Tech Solutions.