1. Introduction
The Environments page of Phoenix Security gives you a glimpse of the current Environment risk status individually and as a whole. The page is also equipped with an Impact & Severity Explorer which allows you to drill down and inspect which components are on critical or high risk levels, making it easy for you to mitigate vulnerabilities as quickly as possible.
This page also lists down all Environments set up in your Phoenix Security Dashboard as well as adding, exporting and importing Environments.
The Environments page is divided into four sections, namely:
- Overall Environments Risk Score
- Overall Risk Breakdown
- Impact & Severity Explorer
- Environments List
Each section will be discussed in more detail below.
2. Overall Environments Risk Score
The Overall Environments Risk Score page gives you the general risk assessment of your Environments. It indicates the current risk level in the form of a colour-coded speedometer-type dial and large text.
When you hover over the dial, the risk score shows up.
There are two additional options available below the dial:
Reporting – [Coming soon]
Details – redirects you to the Vulnerability page to provide you with a comprehensive list of vulnerability information per Component.
The list is searchable by CVE (Common Vulnerabilities and Exposures) or Component Name, and filtered by Application, Component, Sub-Component, and Vulnerability Type.
A tally board indicates the number of Vulnerabilities per risk level.
So you can focus on the most pressing issues, the list can be sorted in ascending or descending order by Vulnerability Severity or Days Open by clicking their respective column title.
For a full discussion of the Vulnerability page, please refer to this guide.
3. Overall Risk Breakdown
The Overall Risk Breakdown section displays the breakdown of vulnerabilities per to risk level. It uses a colour-coded pie chart with labels showing the percentages of each risk level.
Below the chart is a progress indicator showing the current number of risks fixed out of the total number of risks for all Applications.
4. Impact & Severity Explorer
The Impact & Severity Explorer lets you drill down and dig deep into your Applications to determine which Components are on critical, high, medium, and low risk level. You can zoom in and out of your Environment using the interactive colour-coded heat map.
There’s also an option to download a snapshot of the active heat map on display. Click the arrow down icon at the top right corner of the heat map.
5. Environments List
The Environments List displays the Environments configured in your Phoenix Security Dashboard including the Environment Risk Score, Criticality, Accountable User, and Organization Name where it belongs. The list also indicates if a Jira Workflow exists for an Environment.
In addition, you can perform actions such as add, edit, and delete Environments on this section and will be discussed below.
6. Managing Environments
Here are the steps to perform basic Environment-related actions in your Phoenix Security instance.
a. Creating an Environment
- On the Navigation Menu, click Environments.
- Scroll down and go to the Environments section. Then click the “Add Environment” button.
- Complete the following fields:
- Environment Name – name assigned to the Environment.
- Threshold – sets the tolerance level for the Environment.
- Criticality – determines how critical the Environment is (low, medium, or high).
- Value – sets the cost equivalent of the Environment.
- Accountable User – assigns the person or user primarily accountable for the Environment.
- Tags – assigns tags to help identify and search for the Environment.
You also have the option to check the “Link to Jira Project” if you have Jira already integrated into your Phoenix Security account.
- Click the “Create Environment” button.
To create multiple Environments, you can use the CSV Import feature using these steps:
- On the Navigation Menu, click Environments.
- Scroll down and go to the Environments section. Then click “Download Template”
- Open the CSV template and follow the format to enter the Environment details.
- Save the CSV template and upload it to Phoenix Security by clicking the “Import CSV” button.
A message confirms that you have successfully uploaded the file and added the new Environment(s).
b. Updating an Environment Data
- On the Navigation Menu, click Environments.
- Scroll down and go to the Environments section. Hover your mouse over the Environment that you want to update and click Edit (pencil icon)
- Edit the field(s) you want to update in the Update Environment form.
You can also add a new Component or edit/delete an existing one. For more details on managing Components, please refer to this guide.
- Click “Save” or “Save and Show Environments”.
c. Deleting an Environment
- On the Navigation Menu, click Environments.
- Scroll down and go to the Environments List. Look for the Environment where you want to delete and click Delete (bin icon)
- Confirm that you want to delete the Environment by clicking the “Delete” button.
d. Viewing, Exporting, and Importing Environments
- On the Navigation Menu, click Environments.
- Scroll down until you see the Environment List.
3. To export the Environments list, click “Export Environments” link at the top left corner of the list.
4. To import a list of new Environments into Phoenix Security, click “Download Template” to download the CSV template you will use to import the new Environments.
- Open the CSV template file and follow the format to enter the Environment details.
- Save the CSV template and upload it to Phoenix Security by clicking the “Import CSV” button.
A message confirms that you have successfully uploaded the file and added the new Environments.