====================== Vulnerability Tracking ====================== IScorE provides a Vulnerability Tracking interface to allow Red Team to coordinate and share information on what vulnerabilities exist in the present scenario and which teams are vulnerable to them. ---------------------- Browse Vulnerabilities ---------------------- 1. On the left side-bar menu, click on “Red Area” if it is an option. 2. On the left side-bar menu, click on “Vulnerabilities”. A page like the one below should appear. .. image:: images/vuln_overview.png 3. By using the buttons above the table, the displayed data can be sorted either by vulnerability or team. The "by vulnerability" view lists each vulnerability, and the state of that vulnerability for that team. This is the default view. The "by team" view will show one team per row, and list the state of each vulnerability for that team. Refer to the legend at the top to determine the vulnerable state. 4. In the "by vulnerability" view or "by team" view, click on a team or vulnerability in the "Affected Teams" or "Vulnerabilities" column, respectively, to add or view details on how this vulnerability affects the team. -------------------------- View Vulnerability Details -------------------------- To view details about a particular vulnerability, click on the bold vulnerability name when in the "by vulnerability" view. The detail page, pictured below, shows the vulnerability description, as well as which teams are affected. The right side shows comments about how each team is affected. .. image:: images/vuln_detail.png Here, details about the vulnerability may be edited. Additionally, a new team report can be added by clicking on "Add Team", or the team's number in the "Affected Teams" widget. -------------------- Create Vulnerability -------------------- 1. From the "Vulnerability Overview" page, choose "Create Vulnerability" The form below will appear. .. image:: images/create_vulnerability.png 2. Provide a title for the vulnerability. The title should be clear and specific enough to characterize and distinguish the vulnerability. 3. Provide a description for the vulnerability. The description should describe how the vulnerability is to be exploited, and what type of access the vulnerability provides. Markdown may be used to format the description. 4. Press "Submit" to create the vulnerability.