Viewing IBM Concert data

When you integrate IBM® Instana Observability with IBM® Concert, you can view vulnerability data from Concert in the Instana user interface (UI). This integration helps you review common vulnerabilities and exposures (CVEs) and other non-CVE vulnerabilities in the context of your Instana-managed applications and services.

Before you begin

Before you can review Concert vulnerability data from the Instana UI, you must integrate your Concert and Instana instances.

Viewing all vulnerabilities

You can review CVEs and other vulnerabilities from across your Instana-managed environment by selecting Vulnerabilities from the Instana navigation menu. The Vulnerabilities page includes a CVEs tab and a Detections tab.

CVEs

The CVEs tab shows a list of vulnerabilities across all containers with their severity, affected entities count, name, and the date they were identified.

Vulnerabilities CVE tab
Figure 1. Vulnerabilities CVE tab

To view detailed information about a specific CVE, select it from the list. The detailed view includes the following information:

  • CVSS severity, affecting entities count, and reported date
  • Vulnerability description
  • List of affected applications
  • List of affected entities

Vulnerabilities CVE tab details
Figure 2. Vulnerabilities CVE tab details

Detections

The Detections tab shows a list of instances where individual CVEs were detected across all containers. Each detection includes the maximum risk score, CVSS severity, name, affected entity, reported date, and status.

Vulnerabilities Detections tab
Figure 3. Vulnerabilities Detections tab

To view detailed information about a specific detection, select it from the list. The detailed view includes the following information:

  • Reported date, current state, risk score and severity
  • Vulnerability description
  • List of associated applications

Viewing vulnerabilities for an application

You can view the vulnerabilities in the containers that are used by a specific application on the application dashboard.

  1. From the navigation menu in the Instana UI, select Applications.
  2. Select an application from the list.
  3. Select the Vulnerabilities tab.
  4. To view detailed information about a specific CVE detection, select it from the list.

Application dashboard Vulnerabilities tab
Figure 4. Application dashboard Vulnerabilities tab

Viewing vulnerabilities for a container

You can view the vulnerabilities in a specific container on the container dashboard.

  1. From the navigation menu in the Instana UI, select Infrastructure.

  2. From the infrastructure map, use the grouping flyout to change the perspective to Container, as shown in the following example:

    Infrastructure map
    Figure 5. Infrastructure map

  3. From the resulting container map, select a container and click Open dashboard.

  4. Open the vulnerabilities dropdown menu to display a list of up to 10 severe vulnerabilities for the container. To view detailed information about a specific CVE, select it from the list. At the end of the list, select View vulnerabilities to see the complete list of vulnerabilities for the container.

Container dashboard dropdown
Figure 6. Container dashboard vulnerabilities list