28 lines
1.4 KiB
Markdown
28 lines
1.4 KiB
Markdown
# Product Overview
|
|
|
|
The STEAM Security Dashboard is a self-hosted vulnerability management tool for the NTS-AEO-STEAM and NTS-AEO-ACCESS-ENG business units. It centralizes CVE tracking, Ivanti host finding triage, AEO compliance posture monitoring, FP/Archer exception workflows, and internal documentation in a single interface.
|
|
|
|
## Core Capabilities
|
|
|
|
- Searchable CVE list with per-vendor tracking and document storage
|
|
- NVD API integration for auto-populating CVE metadata
|
|
- Ivanti/RiskSense integration for syncing open host findings with FP workflow tracking
|
|
- Reporting page with charts, advanced filtering, inline editing, and CSV/XLSX export
|
|
- Ivanti Queue for batch-processing FP, Archer, and CARD workflows
|
|
- AEO Compliance page with weekly xlsx upload, diff preview, per-team metric health cards, and device-level violation tracking
|
|
- Archer risk acceptance ticket tracking (EXC numbers) linked to CVE/vendor pairs
|
|
- Knowledge base for internal documentation and policies
|
|
- Role-based access control (viewer, editor, admin) with full audit trail
|
|
|
|
## User Roles
|
|
|
|
| Role | Permissions |
|
|
|------|------------|
|
|
| viewer | Read-only access to all data |
|
|
| editor | All viewer permissions plus create/update operations |
|
|
| admin | All editor permissions plus delete, user management, and audit log access |
|
|
|
|
## Teams Tracked
|
|
|
|
Only **STEAM** and **ACCESS-ENG** teams are tracked in the compliance module.
|