Dashboard

The Dashboard is the starting point for all your interactions with Orchestron and Vulnerability Management. From the Dashboard, the user can see the state of application vulnerabilities, including:

  • Vulnerability Severity
  • Average "Age" of Vulnerabilities in the System
  • Different Applications and their Vulnerability Severities


The Dashboard displays the following information:

  • Severity status of the vulnerabilities found.
  • Grade of Applications depending on the number of open vulnerabilities.
  • Vulnerability details categorized by Applications, Tools used for scanning and OWASP (Open Web Application Security Project).
  • Activity timeline to keep track of the scans run each day.

By default, the Dashboard displays information for all applications.

1.1 Severity Status

The severity status of the vulnerabilities is displayed as a chart, as follows. Pink represents high severity, yellow medium severity and blue low severity, while purple represents informational findings. When you hover over a portion of the chart, the percentage for that severity is displayed.

Severity Status on Dashboard


1.2 Vulnerabilities

The total count of correlated open and closed vulnerabilities across the organization is shown on the Dashboard, along with the average number of days vulnerabilities have been open.


Vulnerabilities on Dashboard


1.2.1 Open vulnerabilities

The open vulnerability count on the Dashboard is clickable. On clicking it, the user is directed to the organization-wide open vulnerability listing page.

Open vulnerabilities listing across all Projects




Multiple instances of a vulnerability appear as vulnerability variants on the open vulnerability listing page. When the user clicks on a vulnerability, all of its variants/aliases that are present organization-wide appear on the screen as shown in the figure.

Please note:

  • Orchestron Community tries to correlate vulnerabilities by CWE. The tools that we allow through the webhook also support CWE (mostly). Please see Webhooks for more details.
  • If Orchestron does not recognize the CWE, or the CWE is not provided by the tool, the CWE is set to CWE-0 by default. You can, however, manually edit the vulnerability finding.
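
An added illustration of the correlation note above (example code, not Orchestron's own): findings from several tools are grouped by normalized CWE, and any finding without a recognizable CWE falls into CWE-0, where it needs manual editing. The field names, the accepted CWE spellings and the sample findings are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample findings. Field names are assumptions for this example,
# not Orchestron's webhook schema.
FINDINGS = [
    {"app": "Burp App", "tool": "Burp", "name": "Reflected XSS", "cwe": "CWE-79"},
    {"app": "Burp App", "tool": "ZAP", "name": "Cross Site Scripting", "cwe": 79},
    {"app": "Burp App", "tool": "ZAP", "name": "Cross Site Scripting", "cwe": "79"},
    {"app": "Bandit App", "tool": "Bandit", "name": "Use of assert", "cwe": None},
    {"app": "Bandit App", "tool": "Bandit", "name": "Hardcoded password", "cwe": "cwe_259"},
    {"app": "Bandit App", "tool": "Custom", "name": "Odd finding", "cwe": "n/a"},
]

UNKNOWN_CWE = 0  # CWE-0: the default when the CWE is missing or unrecognized


def normalize_cwe(raw):
    """Return the CWE number as an int, or 0 (CWE-0) if it cannot be parsed."""
    if raw is None or isinstance(raw, bool):
        return UNKNOWN_CWE
    if isinstance(raw, int):
        return raw if raw > 0 else UNKNOWN_CWE
    # Accept spellings such as "CWE-79", "cwe_79", "CWE: 79" or a bare "79".
    m = re.fullmatch(r"\s*(?:cwe[\s_:-]*)?(\d+)\s*", str(raw), re.IGNORECASE)
    return int(m.group(1)) if m else UNKNOWN_CWE


def correlate(findings):
    """Group findings organization-wide by CWE; each member is one variant."""
    groups = defaultdict(list)
    for finding in findings:
        groups[normalize_cwe(finding.get("cwe"))].append(finding)
    return dict(groups)


def needs_manual_review(groups):
    """Findings that landed in CWE-0 and cannot be correlated until edited."""
    return groups.get(UNKNOWN_CWE, [])


if __name__ == "__main__":
    groups = correlate(FINDINGS)
    for cwe, variants in sorted(groups.items()):
        tools = ", ".join(sorted({v["tool"] for v in variants}))
        print(f"CWE-{cwe}: {len(variants)} variant(s) from {tools}")
```

The CWE-0 group mixes unrelated findings, so a large CWE-0 count is a sign that a tool is not supplying CWE values rather than a single widespread weakness.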


Multiple variants for a vulnerability



When the user clicks on one of the application buttons on the open vulnerability listing page, the individual open vulnerability information page is displayed as shown below.

Individual open vulnerability information



1.2.2 Closed vulnerabilities

The closed vulnerability count on the Dashboard is clickable. On clicking the count, the user is directed to a closed vulnerability listing page as displayed in the figure.

Closed vulnerabilities listing


On clicking the application button, the individual closed vulnerability information page is displayed.


1.3 Vulnerabilities Ageing

The length of time vulnerabilities have been open is represented in the vulnerabilities ageing graph, as follows. When you hover over the line in the graph, you will see the detailed status as shown in the figure.

Vulnerabilities Ageing on Dashboard


1.4 Vulnerability Details

Below the severity status and grade, the Dashboard lists vulnerabilities categorized by the following characteristics:


  • Applications to which the vulnerabilities belong
  • Tools used for scanning
  • OWASP (Open Web Application Security Project)


1.4.1 Applications

In the "Applications" tab, the vulnerabilities are grouped by application. As shown in the figure below, the "Burp App" application has 34 vulnerabilities in total and the "Bandit App" application has 22.

Vulnerability Details by Apps



1.4.2 Scan Tools

In this tab, you can find the vulnerabilities grouped by the tool that found them. In the figure below, 34 vulnerabilities were found by the tool called "Burp" and 9 vulnerabilities by the tool "ZAP".

Vulnerability Details by Scan Tools