Chapter 4. Viewing your vulnerable OpenShift Container Platform clusters in the Vulnerability Dashboard
In the Red Hat Lightspeed vulnerability, you can see the list of vulnerable clusters (also referred to as exposed clusters) in your organization. This view helps you find details about each of those clusters.
The following information is in the Clusters list:
- Name: Shows the name of a vulnerable cluster that is affected by a CVE.
- Status: Shows the connection status (Connected, Stale, Unknown, Active) of a cluster.
- Version: Shows the Red Hat OpenShift Container Platform version (4.8+) of a cluster.
- CVEs severity: Shows the severity level (Critical, Important, Moderate, Low) of the CVEs affecting the cluster.
- Provider: Shows the name of the cluster’s cloud provider.
- Last seen: Shows the time (in minutes, hours, or days) since information was last uploaded from the cluster to the Red Hat Lightspeed service.
You can filter and sort some of this information to better understand the information about your vulnerable clusters and images.
4.1. Navigating to the Clusters list view
To start looking at your clusters, you need to navigate to the clusters listed in the Red Hat Lightspeed vulnerability. In the Clusters list view, you can sort and filter information about your vulnerable clusters to focus on what is important to your organization. To view data in the Clusters list view, complete the following procedure.
Prerequisites
- Your Red Hat account and your cluster are registered to the same organization.
- You have logged into the Red Hat Hybrid Cloud Console.
- Your cluster has been registered to Red Hat OpenShift Cluster Manager. For more information about registering clusters, see Registering OpenShift Container Platform clusters to OpenShift Cluster Manager.
- Your cluster has been active (Telemetry and the Insights Operator have sent data about your cluster) in the past 30 days. For more information about Telemetry and the Insights Operator, see About remote health monitoring.
Procedure
- Navigate to OpenShift > Vulnerability Dashboard > Clusters to view clusters reporting CVE data.
4.2. Refining the Clusters list view results to help protect your organization
To make the most use of Red Hat Lightspeed, you can refine the Clusters list view results to:
4.2.1. Filtering results in the Clusters list view
You can apply filters to a list of clusters in Red Hat Lightspeed so that you can focus on specific information, such as the severity rating of a CVE, or clusters in a specific version of Red Hat OpenShift Container Platform. After you select a CVE, you can apply filters to the resulting list of affected clusters.
The options for filtering in the Clusters list view are:
- Name: Filters on the name of a vulnerable cluster that is affected by a CVE.
- Status: Filters on the connection status (Connected, Disconnected, Stale, Unknown, Active) of a cluster.
- Version: Filters on the version (Red Hat OpenShift Container Platform 4.8+) of a cluster.
- CVEs severity: Filters on the severity level (All clusters, Critical, Important, Moderate, Low) of the security-related issue and the number of images affected in the cluster.
- Provider: Filters on the name of the cluster’s cloud provider.
Prerequisites
- Your Red Hat account and your cluster are registered to the same organization.
- You have logged into the Red Hat Hybrid Cloud Console.
- Your cluster has been registered to Red Hat OpenShift Cluster Manager. For more information about registering clusters, see Registering OpenShift Container Platform clusters to OpenShift Cluster Manager.
- Your cluster has been active (Telemetry and the Insights Operator have sent data about your cluster) in the past 30 days. For more information about Telemetry and the Insights Operator, see About remote health monitoring.
Procedure
- Navigate to OpenShift > Vulnerability Dashboard > Clusters.
- Select a primary filter (for example, CVEs severity) from the drop-down list of filters.
- Select the secondary filter (for example, Filter by CVEs severity).
- Select a severity rating (for example, Critical). The selected filters appear below the filter selection menu.
- Review the resulting information. Clusters vulnerable to CVEs with a severity level of Critical show first in the list.
The default view is All clusters, which shows all clusters, even those not vulnerable to any CVE. Remove this filter if you want to show only clusters that are affected by at least one CVE reported by Red Hat Lightspeed.
Filters remain active until you deselect them or leave a Red Hat Lightspeed session. Reset or deselect unneeded filters to avoid unintended results. To deactivate filters, click the X next to each filter (or any default filters) that you selected.
4.2.2. Filtering clusters by CVE severity ratings
You can apply filters to a list of clusters in Red Hat Lightspeed so that you can focus on information such as the severity level of a CVE. Red Hat applies severity ratings to CVEs using a four-point scale of Critical, Important, Moderate, and Low. You can filter the CVEs, starting with the most Critical, to help you begin to take actions to protect your organization.
Prerequisites
- Your Red Hat account and your cluster are registered to the same organization.
- You have logged into the Red Hat Hybrid Cloud Console.
- Your cluster has been registered to Red Hat OpenShift Cluster Manager. For more information about registering clusters, see Registering OpenShift Container Platform clusters to OpenShift Cluster Manager.
- Your cluster has been active (Telemetry and the Insights Operator have sent data about your cluster) in the past 30 days. For more information about Telemetry and the Insights Operator, see About remote health monitoring.
Procedure
- Navigate to OpenShift > Vulnerability Dashboard > Clusters.
- Click the drop-down filter list.
- Select the CVEs severity primary filter.
- Click the Filter by CVEs severity secondary filter.
- Deselect All clusters.
- Select a severity level (for this example, select Critical). You will see a list of clusters that have CVEs rated with the severity level of the option you selected.
- (Optional) Click any of the clusters shown in the Name column to obtain more information about the CVEs that potentially affect that cluster.
- (Optional) You can click the Exposed images tab to see exposed images in the cluster.
4.2.3. More information about filtering clusters by severity
In Red Hat Lightspeed, you can use the CVEs severity filter to show clusters affected by CVEs with ratings of Critical, Important, Moderate, or Low. The default filter, All clusters, shows both vulnerable clusters with their CVE severity ratings and clusters not vulnerable to CVEs.
4.2.3.1. CVE severity indicators
Four icons represent the CVEs severity ratings from Critical to Low. The numbers beside the icons represent the respective number of CVEs with that severity type affecting that cluster. This representation allows you to quickly assess issue severity. The most critical issues will be displayed on the left with a color-coded red icon with an exclamation point in the middle. The icons represent increasingly lower severity rating levels when viewed from left to right.
4.2.3.2. CVE severity filtering by context
The CVE severity ratings in the Clusters list view are filtered by context. Each filtered result is always shown in context of the most important, or higher-level rating. If you filter by the CVEs severity option of Critical, you see a result similar to the one shown in the following image. This example shows several clusters affected by one critical CVE each.
If you change the filter to Important, you see that the top cluster has 26 CVEs with a severity level of Important. You also see any additional CVEs affecting the cluster as well as their severity levels. Note that the Critical CVEs still show when you filter by Important. Even though the cluster list is not filtered by the CVEs severity rating of Critical, the filter still takes into account the importance of the Critical severity, and shows the number of CVEs rated as Important along with the critical CVEs, as shown in the following image.
In this same filter session, results show a cluster with zero CVEs with a Critical severity rating, and 32 CVEs with a severity level of Important, as shown in the following image.
Filtering in this context helps you see the most important information first.
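The context behaviour described above can be modelled in a few lines of Python. This is an added example, not Red Hat code: the Cluster record, the function names and the sample clusters are constructed for illustration, and the row ordering (compare Critical counts first, then Important, and so on) is an assumption inferred from the example on this page.

```python
from dataclasses import dataclass, field

# Red Hat's four-point scale, highest severity first (left-to-right icon order).
SEVERITIES = ("Critical", "Important", "Moderate", "Low")

@dataclass
class Cluster:
    name: str                                 # hypothetical cluster name
    cves: dict = field(default_factory=dict)  # severity -> number of CVEs

    def counts(self):
        """CVE counts as a tuple in Critical..Low order."""
        return tuple(self.cves.get(s, 0) for s in SEVERITIES)

def filter_by_severity(clusters, severity=None):
    """Model of the CVEs severity filter.

    severity=None models the default "All clusters" filter, which also keeps
    clusters that are not vulnerable to any CVE. Otherwise a cluster is kept
    only when it has at least one CVE of the selected severity.
    """
    if severity is None:
        kept = list(clusters)
    elif severity not in SEVERITIES:
        raise ValueError(f"unknown severity: {severity!r}")
    else:
        kept = [c for c in clusters if c.cves.get(severity, 0) > 0]
    # Assumption: rows are ordered in context of the higher rating, so the
    # Critical count is compared before the Important count, and so on.
    return sorted(kept, key=lambda c: c.counts(), reverse=True)

def rows(clusters, severity=None):
    """Each row keeps all four counts, whichever severity was selected."""
    return [(c.name, c.counts()) for c in filter_by_severity(clusters, severity)]

# Constructed sample data; the counts 26 and 32 mirror the example on this page.
SAMPLE = [
    Cluster("cluster-b", {"Important": 32, "Moderate": 5}),
    Cluster("cluster-a", {"Critical": 1, "Important": 26, "Low": 2}),
    Cluster("cluster-c", {}),  # not vulnerable to any CVE
    Cluster("cluster-d", {"Moderate": 3}),
]

if __name__ == "__main__":
    for label in ("Critical", "Important", None):
        print(label or "All clusters")
        for name, counts in rows(SAMPLE, label):
            print("  ", name, dict(zip(SEVERITIES, counts)))
```

With the Important filter, cluster-a (one Critical, 26 Important) is listed above cluster-b (zero Critical, 32 Important), and its Critical count remains visible in the row.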
4.2.4. Sorting cluster data
In the Clusters list view, you can sort the following columns:
- Name: Shows the name of a vulnerable cluster that is affected by a CVE.
- Status: Shows the connection status (Connected, Stale, Not applicable or N/A) of a cluster.
- Version: Shows the Red Hat OpenShift Container Platform version (4.8 or later) of a cluster.
- CVEs severity: Shows the severity level (Critical, Low, Moderate, Important) of the security-related issue and the number of images affected in the cluster.
- Provider: Shows the name of the cluster’s cloud provider (AWS, Azure, etc.). This will vary as more cloud providers become available.
Additional Resources