Insights and Quick Wins

The Insights view provides an intelligent analysis of your vulnerability data, helping you prioritize remediation efforts through the Quick Wins system and comprehensive breakdown visualizations.

Quick Wins

Quick Wins are vulnerabilities that, if remediated, provide the highest security impact for the least relative effort. The system identifies these by scoring findings based on their severity, prevalence across your infrastructure, and actionability.

How Quick Wins are Calculated

Each unique vulnerability finding in your filtered scope is evaluated using a heuristic scoring model (0-100 points). Findings with higher scores are prioritized as “Quick Wins”.

Scoring Components

The total score is the sum of the following components:

1. Severity (Max 35 points)

The base severity of the vulnerability (CVSS) is heavily weighted.

  • Calculation: severity * 3.5 (capped at 10.0 severity)

2. Reach and Exposure (Max 30 points)

Findings that affect multiple hosts are prioritized as they allow for “bulk” remediation.

  • Calculation: number_of_hosts * 3 (capped at 10 hosts)

3. Actionability and Metadata (+30 points possible)

Vulnerabilities with clear identifiers and remediation guidance are easier to fix.

  • Known CVE: +10 points if the finding is mapped to a CVE ID.

  • Remediation Guidance: +10 points if the scan report includes a specific solution summary.

  • Software Level Patch: +10 points if the affected product is identified as a patchable software component (via CPE).

4. Homogeneity (+5 points possible)

If a vulnerability affects the same specific product across all hosts, it’s often easier to roll out a single patch or configuration change.

  • Single Product: +5 points if only 1 unique product is affected.

  • Small Product Set: +3 points if 2 or 3 unique products are affected.

Penalties

The score can be reduced if the finding is low-impact or difficult to action:

  • Low Urgency: -2 points if severity is below 4.0.

  • Low Actionability: -4 points if both CVE ID and remediation guidance are missing.

Example Calculation

Consider a High Severity (8.0) vulnerability affecting 5 hosts, with a known CVE and solution guidance:

  • Severity: 8 * 3.5 = 28

  • Exposure: 5 hosts * 3 = 15

  • CVE: +10

  • Solution: +10

  • Total Score: 63 points

Priority Ranking

Findings are displayed in the Insights dashboard as “Quick Wins,” sorted by their total score. Each Quick Win includes a brief rationale (e.g., “could reduce exposure on 5 hosts; known CVE; high severity”) to help administrators understand why it was prioritized.
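The scoring rules and ranking above, written out as an added example (not the product's own code). The `Finding` record, its field names, the clamp to 0-100 and the 7.0 cut-off for "high severity" are assumptions; the page example reaches 63 because no CPE or product information is supplied for it.

```python
from dataclasses import dataclass, field

@dataclass
class Finding:  # hypothetical record; field names are assumptions
    name: str
    severity: float            # CVSS base score
    hosts: int                 # number of affected hosts
    has_cve: bool = False
    has_solution: bool = False
    patchable_cpe: bool = False
    products: set = field(default_factory=set)

def quick_win_score(f: Finding) -> float:
    score = min(f.severity, 10.0) * 3.5        # 1. severity, max 35
    score += min(f.hosts, 10) * 3              # 2. reach and exposure, max 30
    score += 10 * (f.has_cve + f.has_solution + f.patchable_cpe)  # 3. actionability
    if len(f.products) == 1:                   # 4. homogeneity
        score += 5
    elif len(f.products) in (2, 3):
        score += 3
    if f.severity < 4.0:                       # penalty: low urgency
        score -= 2
    if not (f.has_cve or f.has_solution):      # penalty: low actionability
        score -= 4
    return max(0.0, min(100.0, score))         # assumption: clamp to 0-100

def rationale(f: Finding) -> str:
    parts = [f"could reduce exposure on {f.hosts} hosts"]
    if f.has_cve:
        parts.append("known CVE")
    if f.has_solution:
        parts.append("remediation guidance")
    if f.severity >= 7.0:                      # assumption: CVSS "high" cut-off
        parts.append("high severity")
    return "; ".join(parts)

def rank(findings):
    """Highest score first, as on the dashboard."""
    return sorted(findings, key=quick_win_score, reverse=True)

# Constructed sample findings (not real scan data).
SAMPLE = [
    Finding("page example", 8.0, 5, has_cve=True, has_solution=True),
    Finding("widespread medium", 5.0, 12, True, True, True, {"openssl"}),
    Finding("unidentified low", 3.0, 1, products={"a", "b"}),
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{quick_win_score(f):5.1f}  {f.name}: {rationale(f)}")
```

The widespread medium finding (82.5) outranks the high-severity one (63) because reach and actionability together carry more weight than severity alone.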

Dashboard Components

Beyond Quick Wins, the Insights view includes several other critical visualizations:

Current Snapshot Semantics

Insights uses a deliberately simple current-state model: the latest XML scan day is treated as the source of truth.

When a single institution is selected, summary statistics, top hosts, breakdown charts, frequent vulnerabilities, and Quick Wins are calculated from that institution’s latest scan date inside the selected time range. Older findings for that institution are not shown as current if they are absent from the latest scan day. A complete clean XML scan with zero findings clears that institution from the current finding totals.

When All institutions is selected, the overview combines the latest XML scan activity for each institution separately. This avoids hiding institutions that were not scanned on the same day as the newest global upload.

Warning

Upload complete scans for the institution whenever possible. Because the latest XML scan day is authoritative, a partial CIDR scan, a single-host verification scan, or another incomplete upload can remove older findings from the current Insights widgets even if the omitted hosts were simply not scanned. Until coverage-aware scan superseding is implemented, do not use institution-wise partial uploads when you need reliable current-state totals.
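A model of the latest-scan-day rule and the partial-upload hazard described above, as an added example (not the product's own code). The upload tuples, institution names, host addresses and finding ids are constructed, and the time-range filter is left out for brevity.

```python
from datetime import date

# Constructed uploads: (institution, scan day, {host: [finding ids]}).
UPLOADS = [
    ("physics", date(2024, 5, 1), {"10.0.1.5": ["F-1"], "10.0.1.6": ["F-2", "F-3"]}),
    ("library", date(2024, 5, 3), {"10.0.2.7": ["F-1"]}),
    ("physics", date(2024, 5, 9), {"10.0.1.5": []}),  # single-host verification scan
]

def latest_days(uploads):
    """Latest scan day per institution; that day is authoritative."""
    latest = {}
    for inst, day, _ in uploads:
        latest[inst] = max(day, latest.get(inst, day))
    return latest

def current_findings(uploads, institution=None):
    """Count current findings; institution=None models 'All institutions'."""
    latest = latest_days(uploads)
    total = 0
    for inst, day, hosts in uploads:
        if day == latest[inst] and institution in (None, inst):
            total += sum(len(f) for f in hosts.values())
    return total

def hosts_dropped_unscanned(uploads, institution):
    """Hosts with findings on any earlier scan day that the latest day did
    not scan, so their findings leave the snapshot without being fixed."""
    latest = latest_days(uploads)[institution]
    covered, earlier = set(), set()
    for inst, day, hosts in uploads:
        if inst != institution:
            continue
        if day == latest:
            covered |= set(hosts)
        else:
            earlier |= {h for h, f in hosts.items() if f}
    return earlier - covered

if __name__ == "__main__":
    print("before partial upload:", current_findings(UPLOADS[:2]))
    print("after partial upload: ", current_findings(UPLOADS))
    print("dropped while unscanned:", hosts_dropped_unscanned(UPLOADS, "physics"))
```

Running a check like `hosts_dropped_unscanned` before an upload shows which hosts would vanish from the current totals only because the scan did not cover them.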

Summary Statistics

At a glance, see the total number of findings, affected hosts, and the average severity across the current snapshot for your selected scope.

Host Risk Ranking

Displays the top vulnerable hosts, ranked by a combination of vulnerability count and average severity. This helps identify “hotspots” in your infrastructure.

Breakdown Charts

Distribution of vulnerabilities by various categories:

  • Severity: High, Medium, and Low distribution.

  • Institution: Vulnerability density by department or faculty.

  • Technology Stack: Breakdown by Operating System, Application, and Hardware.

  • Physical/Logical Location: Distribution by Room, Building, or Source.

Trend Analysis

Visualizes the vulnerability count over time. Each historical point is calculated as the current snapshot after XML scan activity on that date: for one institution it uses that institution’s latest XML scan day as of the point, and for All institutions it combines each institution’s latest XML scan day as of the point.

Filtering Insights

The Insights dashboard allows you to focus on specific subsets of your data:

  • Time Range: Analyze findings from recent scans (7d, 30d, 90d, 365d).

  • Institution: Filter by department or faculty.

  • Scope: View all findings or only those you are directly responsible for.

  • Deep Dive: Filter by specific Host, Product, or Vulnerability.