Granular Filters Make Security Data Easier to Understand

Bringing together thoughtfully designed dashboards with granular and flexible filter

Granular Filters Make Security Data Easier to Understand

Most of us are rightfully skeptical when we hear that a security solution provides a “single pane of glass” that will address everyone’s needs. The minute you show off what you think is a useful dashboard, you’ll probably get peppered with questions like these: 

  • “Can you drill down here and show me more?”
  • “Let’s compare this month with last month”
  • “I like the format, but I need this to include data from other tools”
  •  “What does this mean for my team?”
  • “Show me less detail…”
  • “Show me more detail…”

This is natural because we all have different perspectives, functions, and goals, which means that one size will never fit all. But that doesn’t mean that everyone needs a custom dashboard that is indecipherable by other teams. A useful security dashboard brings together lots of disparate data from different sources and helps you compare, analyze, and act on critical findings. To make this work you need both a thoughtfully designed dashboards along with granular and flexible filters that let every stakeholder slice and dice data to their hearts content.

A screenshot of a computerDescription automatically generated
Granular filters in the AppSOC dashboard

Granular filters are critical for security dashboards because they enable users to precisely control and customize the data they view, leading to more effective and timely decision-making. Granular filters allow security professionals to narrow down large datasets to the most relevant information, improving clarity and focus. This is especially important in environments where data is vast and complex, such as in application security, vulnerability management, cloud security and supply chains.

Which filters do you need? Probably most l of them…

AppSOC’s dashboards and user interface are designed to be intuitive, clear, and actionable, allowing users to drill-down to any level or rollup data by applications, hosts, business units, and more. But before you go down a rabbit hole of data discovery, you first need to filter findings along many axes to make it specific and useful for your needs.

Following is an overview of the many types of filters in the AppSOC platform that can be used in any combination:

Business and Application-Level Filters

  • Business Units: a global view might be useful for the CISO, but most of us focus on a specific part of the business, and need data relevant to what we can control.
  • Applications: likely you just want data on the applications you manage or are relevant to your business unit.
  • Life Cycle: are you looking for vulnerabilities in Development, Production, Staging, or Production? You will probably want to look at these separately or in some combination.
  • Security Categorization: as you drill down, you may want to only look at data around levels of Availability, Confidentiality, Network Exposure, or AppSOC scoring of True Risk. Or you may want a combination of these, focused just on High Risk. 
  • Source of Findings: if you have many tools you might want to combine all this data or separate it to analyze differences by specific tools. You decide.

Granular Security Filters

Now let’s really get granular. Even if you filter at the top level, security analysts will still have hundreds to thousands of findings they need to analyze. 

This is where AppSOC provides the most control and granularity in the ASPM market. These filters include:

A screenshot of a computerDescription automatically generated
Detailed security filters
  • Exploitability: using data from EPSS and CISA KEV, you can filter results and weight them based on a percentage likelihood of exploit.
  • Scoring: AppSOC factors in Base Scores – typically CVSS from scanners, Impact Scores – based on your business context, and overall Risk Score – calculated by AppSOC to minimize noise. On any of these you can filter by criticality or in any combination.
A screenshot of a computerDescription automatically generated
  • Red Flag Findings: you may also want to zero-in on findings from other industry sources including CISA KEV, OWASP Top 10, SANS Top 25, or the CWE Top 25, or any combination of these.
  • Findings With: perhaps you only want to look at Libraries, or Hosts, or you want to filter by CVE ID, or CWEs. More granularity.
  • Threat: this lets you filter by whether a vulnerability is Highly Functional, Proof of Concept, or Unknown, giving you granularity about potential exploitability.

Status and Ticketing Filters

Finally, from a management perspective, you don’t want to chase the same issues repeatedly. You can filter by whether an issue is being actively investigated, exceptions have been approved, or whether your team is keeping up with SLAs. These filters include:

  • Status: you can filter by issues that are under investigation, awaiting implementation, resolved, cancelled, fixed, or whether exceptions have been requested or approved for false positives or other reasons.
A screenshot of a surveyDescription automatically generated
  • Found In / Closed On: are you looking at the latest, or want to make sure old issues don’t fall through the cracks. These filters specify whether the issue was opened or closed in the 1 to 30 days, or any custom range.
  • Remediation Tickets: if an issue is already being addressed and the stakeholders have been notified, you can filter these and just look at ones that are new and not yet ticketed.

Looking at this list, it might seem complicated, but it’s not. None of these filters are required, or you may just use one simple filter. But if you want to get granular or the minute you show your dashboard to someone else, you can drill down, slice and dice along multiple axes, and surgically pinpoint exactly what you’re looking for, without noise or distractions. These capabilities have proven to be extremely popular with AppSOC customers, and set the platform apart from other tools in the industry.