Choose which Workout to do first, and get on top of the assets and issues you're responsible for
Autobahn Fit is a powerful suite of tools that can help both security professionals and beginners identify and address vulnerabilities in companies. In this article, we will guide you through the process of interpreting the scanning results and show you how to remediate any vulnerabilities found.
This guide is intended for users with the General User role. If you do not see any data in your account, please contact someone in your organization with the Admin or Owner role, and request that they assign you to assets or issues that you are responsible for. This will ensure that you have access to the relevant information.
1. Remediate with Workouts
Upon logging in, you will see the Cyber Fitness Workouts page. Workouts are step-by-step guides that remediate the root cause of vulnerabilities, thereby closing multiple issues in one go.
The Workouts listed here are those that are assigned to you.
They are sorted by how much a Workout will improve your company's security posture (as measured by the Hackability reduction). They are also labeled by the Effort it takes to do them. This means that you can prioritize which Workout to work on first, based on its Hackability reduction and the Effort it requires.
Tagging your issues and assets comes in handy when managing Workouts: you can filter your Workouts page and Setup tab (inside the Workout detail page) based on tags. This way you know which Workouts apply to specific areas of your organization.
Clicking on a Workout opens a page that consists of two tabs:
- Workout: step-by-step instructions to remediate the issues
- Setup: a list of assets and issues with the same root cause assigned to you
You can also download the Workout as a PDF, and the list of assets as a .csv in case it makes it easier for you to work with, or in case you want to share it with someone from your team.
After finishing a Workout, there are two ways to label its associated issue(s) as remediated:
- Labeling the issue(s) from the Individual Issues page
- Running a re-scan. If the asset(s) and port(s) are still reachable but the issue(s) are not found, they will automatically be labeled as Remediated by the platform
2. Manage your assets
If you are responsible for managing assets, we recommend that you tag them to manage them more efficiently. By tagging your assets, you will be able to filter your Workouts easily. There are different tags you can use, for example:
- Location
- Team
- OS
- Network
If you are using integrations from third-party tools, your tags will be carried over.
What matters is using a tag (or multiple tags) that ultimately helps you in the long run. You can also start with one type of tag, and expand it afterwards. You can tag your assets from the Asset detail (article detail here) or in bulk from the Assets page (article detail here).
3. Review your issues
You can view issues that are assigned to you on the Issues page. To manage your issues more efficiently, we recommend you also tag your issues. This will make it easier to filter your Workouts.
After doing a Workout, you can either wait for a re-scan, or label the issue as "Remediated" directly from the Individual issues page. You can refer to this article to get familiar with the various issue statuses.
If something is a false positive, or if you agree to accept the risk, you can also label the issues as "False positive" or "Risk accepted", respectively. If your organization has enabled the Dual-Control principle, you will be asked to select a reviewer to approve your status update.
Make use of the Risk accepted button. Not all issues are fixable, at least not with a reasonable investment. If you can't fix something but are aware that it's there, make sure to quarantine your asset, report it, and then label the finding as Risk accepted.