View Business Transaction Details

To view details for a specific business transaction, click any business transaction on the Business Transactions page.

The top pane is split into the following sections:

  • Business Risk Score, which includes six Business Risk Factors:
    • Vulnerabilities with High Exploitation Risk: Identifies business transaction vulnerabilities with Cisco Security Risk Score > 66.
    • Threat Activity: Identifies business transaction security events that match known attack types. See Monitor Attacks and Monitor Observations.
    • Usage of Unsafe External API: Identifies uses of external APIs that are unsafe.
    • Important Business Transaction: Identifies a business transaction that has a custom name.
    • Access to Datastore: Identifies a business transaction that has access to a datastore.
    • Publicly Accessible: Identifies a business transaction that is accessible from the internet.
  • Business Transaction: The name of the business transaction.
  • Application: The name of the application.
  • Daily Highest Business Risk Score Detected: A visualization of the Business Risk Score trend.
  • Top Recommended Actions: Top actions that you can take in order to remediate potential risks.

Vulnerabilities Tab

On the Business Transactions page, you can view the Vulnerabilities tab, which displays:

Field Name Description
Title The vulnerability type involved in the business transaction.
ID

The Common Vulnerabilities and Exposure (CVE) identifier. You can click the name to view the details specific to that CVE.
Cisco Security Risk Score The Cisco Security Risk Score provides an estimate of exploitation based on real-time events. These are the three statuses:
  • Green 0-33
  • Amber 34-66
  • Red 67-100
Reached

If there is an exclamation mark in this column, it means this vulnerable code has been reached.
CVSS Score This score is based on the Common Vulnerability Scoring System (CVSS) with five severities:
  • None 0-0
  • Low 0.1-3.9
  • Medium 4.0-6.9
  • High 7.0-8.9
  • Critical 9.0-10.0
Tier (Nodes)

The services or the tiers that are affected because of the selected vulnerability. The number indicates the number of affected nodes. The tier icon directs to the Splunk AppDynamics flow map for that tier.
Library The library affected because of the vulnerability. You can click the library to view the details of the library. See Monitor Libraries.
Last Detected The time duration since the vulnerability was last seen on the tier.
Status

The status of the selected vulnerability. The status value can be:

  • Detected (at least one vulnerability is detected in the library)
  • Confirmed (manually set by user after review)
  • Fixed (vulnerability is fixed)
  • Ignored (manually set by user after review)
  • Not Vulnerable (no vulnerabilities are found in the library)

The Detected and Fixed statuses are automatically detected based on the libraries used in the application.