Improve Sorting & Matching Capabilities In Fleet UI Vulnerabilities View #19099

Open
nonpunctual opened this issue May 17, 2024 · 1 comment
Labels
~csa Issue was created by or deemed important by the Customer Solutions Architect. customer-honoria #g-endpoint-ops Endpoint ops product group :product Product Design department (shows up on 🦢 Drafting board) story A user story defining an entire feature

nonpunctual commented May 17, 2024

Current State:

  • All end users at customer organization have admin privileges on computers.
  • Security tightly manages / monitors a subset of celebrity apps.
  • There is less control over apps that users install on their own...
    • E.g., "How risky is Opera?"

Problem

The team wants to:

  • triage problems faster
  • be more proactive
  • respond more quickly to trending threats

Tools other than Fleet have been tried for collecting data.

  • Security team must massage data.
  • Workflows are too hard, too manual.

Data in Fleet needs to be synthesized so it's:

  • easier to read
  • quicker to act on
  • can be incorporated into regular checks
  • easier to show to partners / execs / auditors

Desirable metrics & features:

  • Better column sorting
    • Number of vulnerabilities
    • All high-risk vulnerabilities
      • a "cut list", e.g.,
        • 300 hosts with app that has low exploit risk - not important
        • 7 hosts with app that has high exploit risk - needs to be more visible
    • A high-severity column ("filter by severity") with links to CVEs
      • Display by severity with something like a "pivot table" of exploitability
    • Display an “actively exploited” value
      • Since "actively exploited" is a binary value, a toggle for this sort makes sense...
Screenshot 2024-05-16 at 11 06 14 PM Screenshot 2024-05-16 at 11 11 13 PM

Potential solutions

  1. Add columns & actively exploited toggle for searching & sorting in the Vulnerabilities view in Fleet UI per screenshots.
@nonpunctual nonpunctual added :product Product Design department (shows up on 🦢 Drafting board) customer-honoria ~feature fest Will be reviewed at next Feature Fest ~csa Issue was created by or deemed important by the Customer Solutions Architect. labels May 17, 2024
@nonpunctual
Contributor Author

@noahtalerman summary of discussion as problem statement. Thanks.

@noahtalerman noahtalerman removed the :product Product Design department (shows up on 🦢 Drafting board) label May 17, 2024
@noahtalerman noahtalerman added :product Product Design department (shows up on 🦢 Drafting board) #g-endpoint-ops Endpoint ops product group story A user story defining an entire feature and removed ~feature fest Will be reviewed at next Feature Fest labels May 31, 2024
3 participants