¶ Registry system
Registry sytem created to store and control serialized and aknowledged records regarding issues that was found during analyze using other Cryeye tools (Uptime monitor, Audit system, etc...)
¶ Types
Registry system using 4 types of records:
- Vulnerability
- Incident
- Risk
- Checklist
¶ Vulnerability record information
Vulnerability record allows to store information regarding vulnerability of your asset.
Data that can be set:
- Severity: One of Cryeye severy levels
- CVSS: CVSS V3.1 value
- CVSS Vector: CVSS V3.1 Vector value. Recommended calculator
- CWE: Mitre CWE number of issue. Can be set directly, or selected as one of weakness data using
Show all weaknessesbutton and choosing item (Select itembutton):
- Recommendation: Advises how to resolve problem
- Location: Specific affected place
See mo about cwe link allows you to open cwe mitre website with all details about selected CWE
¶ Incident record information
Incident record allows to store information regarding incident that happend.
Data that can be set:
- Severity: One of Cryeye severy levels
- Abuse type: Level of possible incident usage
- Risk: Affected field
- Complexity: How complex is incident
- Priority: Level of priority of resolving incident
- Impact: Level of impact that incident caused
- Internal: Incident is inside your company? Yes/No
- Manager review required: Does manager have to review? Yes/No
- Government review required: Does Government representative have to review? Yes/No
- Affected: Info what exactly was affected
- Responsible: Info about responsible person, team or company
- Remediation: Ways to resolve incident
- Final Verdict: Resolution that was proceeded under incident to resolve it
¶ Risk record information
Risk record allows to review possible situation that may happen and review its priority and ways to be resolved.
Data that can be set:
- Severity: One of Cryeye severy levels
- Risk: Affected field
- Probability: Level of possible incident usage
- Priority: Level of priority of resolving incident
- Affected: Info what exactly was affected
- Responsible: Info about responsible person, team or company
- Remediation: Ways to resolve risk
- Response: Resolution that was proceeded under incident to resolve it
Risk level is set automaticaly, following map bellow:
¶ Checklist record information
Checklist record allows to track if all requred actions was completed or what should be done.
Data that can be set:
- Checklist element can be added, modified or removed
- Elements can be added as child of other element. Deep level: 2 (element - child - child):
When element is selected as completed, parent element also will be marked as completed if all other elements are completed.
¶ Basic data and control
On the right side of screen is located control panel.
It is divided on separate logic blocks.
Update record info - will open modal where you can update record title, description and state.
Create report - generate report. Feature under development
Save - Save all report data changes
Delete record - delete record and all related data.
Show record sources - Is active in case if original data that used for creating record is available. It will open modal with data.
Related assets - It will open modal window with assets related with registry. You can add or remove workspace assets for record
Show related file(s) - Modal window with related files. Show edit will allow to remove not needed elements
Show activities - Registry change logs modal. Please review Activities documentation for more details
CVSS vector calculator - Link to https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
Add step to reproduce - Will show modal window to add step to reproduce to record:
Add file - will show modal to add new files to record:
under control panel you can see blocs with related records and users. Please review Related users and Related records documentation blocs
¶ Steps to reproduce
To all registry records, except checklists steps to reproduce can be added.
They are located below main record info
You can change steps order using dropdown menu on the element
¶ Control step to reprocude
Red bin - remove record and related info
Blue save icon - save changes in step description / response / request
Arrows - show or hide response & request fields
Attachmenst control is same as for registry. Step to repoduce attachments also will be shown with all files in record.
Blue folder - review all attachments for specific step.
Green import file - add new file
¶ Comments
Commenst are located in th bottom of the page
To write new comment use form under comments. You can also attach files for photos.
You can edit comment details during 3 days
¶ Related users
You can add users to the list of connected persons
Edit users will open modal window to proceed removing existing replations or add new users to record
¶ Related records
You can connect other records to one as reference
Edit connections will open modal window to proceed removing existing replations or add new records to current
¶ Activities
Activities allows you to review who and how changed registry record(s).
