Intelligence
Analyze vulnerabilities, findings, and generate professional security reports.
Overview
The Intelligence section transforms raw scan data into actionable security intelligence:
- Vulnerabilities: Security weaknesses and issues
- Findings: Security observations and notes
- Reports: Professional documentation
- Reporting Engine: Custom report generation
Vulnerabilities
What are Vulnerabilities?
Vulnerabilities are security weaknesses discovered during testing.
Vulnerability Information:
- Title: Descriptive name
- Severity: Critical/High/Medium/Low/Info
- CVSS Score: Standardized severity (0-10)
- Description: What the vulnerability is
- Impact: Potential consequences
- Affected Assets: Where it was found
- Evidence: Proof of vulnerability
- Remediation: How to fix it
- References: CVE, CWE, external links
Severity Levels:
- Critical (9.0-10.0): Immediate action required
- High (7.0-8.9): High priority fix
- Medium (4.0-6.9): Should be addressed
- Low (0.1-3.9): Minor issue
- Info (0.0): Informational only
Viewing Vulnerabilities
Access Vulnerabilities:
1. Navigate to Intelligence → Vulnerabilities
2. View all discovered vulnerabilities
3. Filter and sort as needed
Filters Available:
- Severity level
- Engagement
- Asset type
- Status (open/closed)
- Date range
- CVSS score range
Sort Options:
- Severity (highest first)
- CVSS score
- Discovery date
- Asset count
- Status
Managing Vulnerabilities
Vulnerability Lifecycle:

```mermaid
graph LR
    A[Discovered] --> B[Validated]
    B --> C[Assigned]
    C --> D[In Remediation]
    D --> E[Fixed]
    E --> F[Verified]
    F --> G[Closed]
```

Status Updates:
- Mark as false positive
- Assign to team member
- Track remediation
- Verify fixes
- Close resolved
Bulk Actions:
- Update multiple vulnerabilities
- Export to CSV
- Generate reports
- Assign in bulk
- Close in bulk
Findings
What are Findings?
Findings are security observations that may not be vulnerabilities but are noteworthy.
Finding Types:
- Informational: Interesting observations
- Best Practice: Recommendations
- Configuration: Suboptimal settings
- Compliance: Policy violations
- Anomalies: Unusual patterns
Finding Information:
- Title and description
- Severity/priority
- Affected assets
- Evidence
- Recommendations
- References
Managing Findings
Finding Workflow:
1. Review finding
2. Validate accuracy
3. Assess impact
4. Document recommendations
5. Track resolution
6. Verify implementation
Finding Actions:
- Add notes
- Attach evidence
- Link to vulnerabilities
- Assign to team
- Track status
- Export data
Reports
Report Types
Executive Summary:
- High-level overview
- Key findings
- Risk assessment
- Recommendations
- Non-technical language
Technical Report:
- Detailed findings
- Technical evidence
- Exploitation details
- Remediation steps
- Technical appendices
Compliance Report:
- Framework mapping
- Compliance status
- Gap analysis
- Remediation plan
- Evidence documentation
Trend Report:
- Historical analysis
- Vulnerability trends
- Asset growth
- Risk evolution
- Comparative analysis
Generating Reports
Quick Report:
1. Navigate to Intelligence → Reports
2. Click Generate Report
3. Select template
4. Choose engagement/campaign
5. Configure options
6. Generate
Custom Report:
1. Use Reporting Engine
2. Build custom template
3. Select data sources
4. Configure layout
5. Generate and save
See Reporting Engine
Analytics
Vulnerability Analytics
Key Metrics:
- Total vulnerabilities
- By severity
- By asset type
- By engagement
- Trend over time
- Remediation rate
Visualizations:
- Severity distribution (pie chart)
- Vulnerability trend (line chart)
- Top vulnerabilities (bar chart)
- Asset vulnerability density (heat map)
Asset Analytics
Asset Metrics:
- Total assets discovered
- Asset growth rate
- Assets by type
- Assets by engagement
- Asset relationships
Visualizations:
- Asset type distribution
- Discovery timeline
- Relationship graph
- Coverage heat map
Risk Analytics
Risk Metrics:
- Overall risk score
- Risk by asset
- Risk by engagement
- Risk trend
- Risk reduction
Risk Calculation:
Data Export
Export Formats
Available Formats:
- CSV (data tables)
- JSON (structured data)
- PDF (reports)
- XML (structured data)
- HTML (web reports)
Export Options
Export Vulnerabilities:
1. Navigate to Vulnerabilities
2. Apply filters
3. Click Export
4. Select format
5. Download
Export Findings:
1. Navigate to Findings
2. Apply filters
3. Click Export
4. Select format
5. Download
Export Reports:
1. Generate report
2. Select export format
3. Download
Integration
SIEM Integration
Forward vulnerability data to SIEM:
Supported SIEMs:
- Splunk
- ELK Stack
- QRadar
- ArcSight
- LogRhythm
Configuration:
1. Navigate to Configuration → Integrations
2. Select SIEM type
3. Configure endpoint
4. Set authentication
5. Test connection
6. Enable integration
Ticketing Integration
Create tickets automatically:
Supported Systems:
- Jira
- ServiceNow
- GitHub Issues
- Azure DevOps
Auto-Ticketing Rules:
- Critical vulnerabilities → Immediate ticket
- High vulnerabilities → Ticket within 24h
- Medium vulnerabilities → Weekly batch
- Low vulnerabilities → Monthly batch
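
The severity bands and auto-ticketing rules above can be checked against exported data before tickets are created. The following is an added example, not code from the product: it derives the severity from the CVSS score, flags records whose stated severity disagrees with it, rejects unusable scores, and sorts open items into the four ticketing cadences. The record field names (`id`, `cvss`, `severity`, `status`) and the queue names are assumptions, and the sample records are constructed.

```python
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP

# Bands from the page's Severity Levels list: (lowest score, label), highest first.
BANDS = [(Decimal("9.0"), "Critical"), (Decimal("7.0"), "High"),
         (Decimal("4.0"), "Medium"), (Decimal("0.1"), "Low"), (Decimal("0.0"), "Info")]
# Cadence from the page's Auto-Ticketing Rules (queue names are assumed labels).
QUEUES = {"Critical": "immediate", "High": "within_24h",
          "Medium": "weekly_batch", "Low": "monthly_batch"}

def severity_for(cvss):
    """Map a CVSS score to the page's severity label; ValueError if unusable."""
    try:
        score = Decimal(str(cvss))
    except InvalidOperation:
        raise ValueError(f"not a number: {cvss!r}") from None
    if not score.is_finite() or not Decimal(0) <= score <= Decimal(10):
        raise ValueError(f"outside 0-10: {cvss!r}")
    # The bands are stated to one decimal place, so normalise first; otherwise
    # 8.95 would fall in the gap between High (7.0-8.9) and Critical (9.0-10.0).
    score = score.quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)
    return next(label for floor, label in BANDS if score >= floor)

def triage(records):
    """Return (queues, rejected, mismatches) for a list of exported records."""
    queues = {name: [] for name in QUEUES.values()}
    rejected, mismatches = [], []
    for rec in records:
        try:
            derived = severity_for(rec.get("cvss"))
        except ValueError as exc:
            rejected.append((rec.get("id"), str(exc)))
            continue
        if str(rec.get("severity", "")).lower() != derived.lower():
            mismatches.append((rec.get("id"), rec.get("severity"), derived))
        # Only open items are ticketed; Info has no ticketing rule on the page.
        if rec.get("status") == "open" and derived in QUEUES:
            queues[QUEUES[derived]].append(rec.get("id"))
    return queues, rejected, mismatches

# Constructed sample records; field names are assumptions, not the export schema.
SAMPLE = [
    {"id": "V-1", "cvss": 9.8, "severity": "Critical", "status": "open"},
    {"id": "V-2", "cvss": 8.95, "severity": "High", "status": "open"},
    {"id": "V-3", "cvss": "7.5", "severity": "High", "status": "in_remediation"},
    {"id": "V-4", "cvss": 5.3, "severity": "Medium", "status": "open"},
    {"id": "V-5", "cvss": 11, "severity": "Critical", "status": "open"},
    {"id": "V-6", "cvss": 0.0, "severity": "Info", "status": "open"},
]
```

Rejected and mismatched records are worth reviewing by hand before any bulk status change, since a wrong score or label would otherwise put the item in the wrong queue.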
API Access
Programmatic access to intelligence data:

```bash
# Get vulnerabilities
curl -H "Authorization: Bearer $TOKEN" \
  https://api.hive.darksidesecurity.io/vulnerabilities

# Get specific vulnerability
curl -H "Authorization: Bearer $TOKEN" \
  https://api.hive.darksidesecurity.io/vulnerabilities/VULN_ID

# Update vulnerability status
curl -X PATCH \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"status": "in_remediation"}' \
  https://api.hive.darksidesecurity.io/vulnerabilities/VULN_ID
```

Best Practices
Vulnerability Management
✅ Prioritize by Risk: Focus on critical/high first
✅ Validate Findings: Confirm before reporting
✅ Track Remediation: Monitor fix progress
✅ Verify Fixes: Retest after remediation
✅ Document Evidence: Keep proof
Reporting
✅ Know Your Audience: Tailor to readers
✅ Clear Language: Avoid jargon
✅ Provide Context: Explain impact
✅ Actionable Recommendations: How to fix
✅ Professional Presentation: Quality matters
Analysis
✅ Look for Patterns: Identify trends
✅ Correlate Findings: Connect related issues
✅ Track Over Time: Monitor improvements
✅ Benchmark: Compare to industry
✅ Continuous Improvement: Learn and adapt
Troubleshooting
Vulnerabilities Not Showing
Check:
- Scans completed successfully
- Results processed
- Filters not hiding data
- Correct engagement selected
Report Generation Failed
Verify:
- Data exists
- Template is valid
- Permissions sufficient
- Network connectivity
Export Not Working
Try:
- Reduce data size
- Check browser settings
- Clear cache
- Try different format
Related: Vulnerabilities | Reporting Engine | Dashboard Metrics