Improve sorting & matching capabilities of Fleet UI vulnerabilities view

[nonpunctual]

Goal

User story
As a security engineer in the software tab,
I want to apply more granular vulnerability filters
so that I can figure out what to prioritize patching.

Context

• Requestor(s): @nonpunctual
• Product designer: @rachaelshaw

Changes

Product

• [ ] UI changes: Figma
• [ ] REST API changes:
  • Add filter parameters to list software titles API endpoint (min_cvss_score, max_cvss_score, cisa_known_exploit) - TODO API design PR
  • Add filter parameters to list software versions API endpoint (min_cvss_score, max_cvss_score, cisa_known_exploit) - TODO API design PR
• [ ] Outdated documentation changes: Update REST API docs
• [ ] Changes to paid features or tiers: New filters are available in Fleet Premium

Engineering

• [ ] Database schema migrations: TODO
• [ ] Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

• Requires load testing: TODO
• Risk level: Low / High TODO
• Risk description: TODO

Manual testing steps

1. Step 1
2. Step 2
3. Step 3

Testing notes

Confirmation

1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

[nonpunctual]

@noahtalerman summary of discussion as problem statement. Thanks.

[rachaelshaw]

Original context from @nonpunctual:

Current State:

• All end users at customer organization have admin privileges on computers.
• Security tightly manages / monitors a subset of celebrity apps.
• There is less control over apps that users install on their own...
  • E.g., "How risky is Opera?"

Problem

The team wants to:

• triage problems faster
• be more proactive
• respond more quickly to trending threats

Tools other than Fleet have been tried for collecting data.

• Security team must massage data.
• Workflows are too hard, too manual.

Data in Fleet needs to be synthesized so it's:

• easier to read
• quicker to act on
• can be incorporated into regular checks
• easier to show to partners / execs / auditors

Desirable metrics & features:

• Better column sorting
  • Number of vulnerabilities
  • All high-risk vulnerabilities
    • a "cut list", eg,
      • 300 hosts with app that has low exploit risk - not important
      • 7 hosts with app that has high exploit risk - needs to be more visible
  • A high-severity column ("filter by severity") with links to CVEs
    • Display by severity with something like a "pivot table" of exploitability
  • Display an “actively exploited” value
    • SInce "actively exploited" is a binary value a toggle for this sort makes sense...

Potential solutions

1. Add columns & actively exploited toggle for searching & sorting in the Vulnerabilities view in Fleet UI per screen shots.

[sharon-fdm]

EST: BE 3 (bold) FE 8

[noahtalerman]

Hey @sharon-fdm, heads up, because this isn't in the current sprint I removed the assignee: Tim and Rachel.