Redesign Vuln Details Page: Overview Section

[schmelz21]

💡 Summary

Redesign the Overview section of the Vulnerability Details page.

Motivation and context

An effort to improve the user interface includes a full redesign of the Vulnerability Details page. This issue addresses the Overview section which is also the first frame of the page. Issue references Story - STRY0010680.

Implementation notes

• Create a new webage - staging-cd.crossfeed.cyber.dhs.gov/inventory/vulnerability/<new page>
• Update layout and graphics as presented in this ticket
• Add functional code (links out, data loads)
• Update date/time stamps in accordance to ISO 8601 (Ex. 2023‐09‐27T20:21:22Z) - https://www.iso.org/iso-8601-date-and-time-format.html

Acceptance criteria

• A new webpage is created.
• Webpage cannot be reached by an external link.
• Graphical updates made with intended functionality
• Merge with staging envirionment.
• Update does not get pushed to production.

Redesigned Overview Section

Full Page Redesign Plan

Old Design

[schmelz21]

@ameliav - "make certain that the data feed(s) and UI account for more than one CWE." Example: https://nvd.nist.gov/vuln/detail/CVE-2023-24845

[schmelz21]

@ValeriaReveles , Adding @ameliav for knowledge transfer on this issue.

[ameliav]

Hi @dmfezzareed @schmelz21,

Where can I find the data for "Installed (Known) Products" as shown in the Overview Section? The data as presented is currently not found in the database (per Andy checking the database).

Thanks

[ameliav]

Hi @schmelz21 and @dmfezzareed,

Per Dane about the Vulnerability Details data needed for issues #2306, #2307, #2308, #2309: "I have a scan to pull it into the P&E database, but I don't think we have a way to pull it into Crossfeed yet, but I think it makes more sense if we move that over into Crossfeed".
We'll need a ticket for someone to move the needed data into Crossfeed. This will block these issues from full completion.

How the whole thing looks as of now:

Also, "Add new note" at the end is not functional. A new notes field and API will need to be added to the database. I will also need to know how the notes should be displayed.

[schmelz21]

@ameliav, @DJensen94, @rapidray12, @dmfezzareed
For awareness, tracking missing data points in this ticket for Issues Redesign Vuln Details Page: Overview Section, Redesign Vuln Details Page: CVC Highlight, Redesign Vuln Details Page: CVE References & CWE, Redesign Vuln Details Page: Severity, Affected, History & Notes

Vul_Details_blocker_2306.xlsx

Will follow-up with sidebar meeting to discuss next steps.

[dmfezzareed]

Hi @dmfezzareed @schmelz21,

Where can I find the data for "Installed (Known) Products" as shown in the Overview Section? The data as presented is currently not found in the database (per Andy checking the database).

Thanks

@ameliav I have no idea what database you may be looking in, but the XFD Asset Inventory contains the Known Products. Steps to find the information in production XFD FrontEnd are as follows:

1. Log into https://crossfeed.cyber.dhs.gov/
2. Navigate to https://crossfeed.cyber.dhs.gov/inventory/domain/1ddd8119-1917-4f5a-8453-40eb3a3a95bb

cc @schmelz21

[dmfezzareed]

Hi @schmelz21 and @dmfezzareed,

Per Dane about the Vulnerability Details data needed for issues #2306, #2307, #2308, #2309: "I have a scan to pull it into the P&E database, but I don't think we have a way to pull it into Crossfeed yet, but I think it makes more sense if we move that over into Crossfeed". We'll need a ticket for someone to move the needed data into Crossfeed. This will block these issues from full completion.

How the whole thing looks as of now:

Also, "Add new note" at the end is not functional. A new notes field and API will need to be added to the database. I will also need to know how the notes should be displayed.

@ameliav - Please schedule a meeting to discuss. 30 minutes. I'm out 1/12 and 1/15, otherwise, please find a time that works for the following Required attendees: @nickviola @DJensen94
Optional attendees: @schmelz21 @Matthew-Grayson @aloftus23

[schmelz21]

Section of dashboard built in Re-design Vulnerability details page.