CVE Management

CVE data is refreshed from external sources and matched to your CMDB. Platform operators may configure API keys (NVD, Shodan, Cisco PSIRT) at deployment level; tenant admins manage scanner behavior in the UI.

  1. Go to Vulnerabilities → Configuration (/vulnerabilities/configuration).

  2. Review enabled sources (e.g. NVD, CISA KEV) and scanner options for your tenant.

  3. Trigger a feed sync or asset scan when permitted. Progress and history appear on the configuration page.

  4. Open Vulnerabilities or By asset to review new matches after sync completes.

On a CVE or asset-vulnerability row, update remediation status (e.g. open, in progress, mitigated, accepted risk) and link work to changes or incidents as needed.

Matching uses CPE-style attributes from assets. Incomplete vendor/model/firmware data reduces accuracy — normalize asset records after discovery imports.
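The normalization step described above can be sketched as follows. This is an added example, not the product's own matching code: the record fields `id`, `vendor`, `model` and `firmware`, the alias table, the sample assets, and the mapping of model to CPE product and firmware to CPE version are all assumptions made for illustration.

```python
import re

# Constructed alias table (assumption): folds discovery-import spellings into one vendor token.
VENDOR_ALIASES = {"cisco systems": "cisco", "cisco systems, inc.": "cisco",
                  "hewlett-packard": "hp", "hewlett packard": "hp"}

def cpe_token(value):
    """Lowercase, turn whitespace into '_', backslash-escape other punctuation; '*' if empty."""
    if value is None or not str(value).strip():
        return "*"  # CPE 2.3 ANY: the attribute is unknown
    text = re.sub(r"\s+", "_", str(value).strip().lower())
    return re.sub(r"([^a-z0-9._-])", r"\\\1", text)

def normalize_asset(asset, part="o"):
    """Return (cpe_2_3_string, missing_fields) for one asset record."""
    vendor_raw = (asset.get("vendor") or "").strip().lower()
    tokens = {
        "vendor": cpe_token(VENDOR_ALIASES.get(vendor_raw, vendor_raw)),
        "model": cpe_token(asset.get("model")),        # assumed to map to CPE product
        "firmware": cpe_token(asset.get("firmware")),  # assumed to map to CPE version
    }
    missing = [name for name, tok in tokens.items() if tok == "*"]
    # part, vendor, product, version, then 7 remaining attributes left as ANY
    cpe = ":".join(["cpe", "2.3", part, *tokens.values()] + ["*"] * 7)
    return cpe, missing

def incomplete_assets(assets):
    """Map asset id -> list of empty attributes that will weaken CVE matching."""
    report = {}
    for asset in assets:
        _, missing = normalize_asset(asset)
        if missing:
            report[asset["id"]] = missing
    return report

# Constructed sample records, as they might arrive from a discovery import.
ASSETS = [
    {"id": "sw-01", "vendor": "Cisco Systems, Inc.", "model": "Catalyst 2960X",
     "firmware": "15.2(4)E10"},
    {"id": "sw-02", "vendor": "hewlett-packard", "model": "ProCurve 2530", "firmware": ""},
    {"id": "ap-03", "vendor": None, "model": "AP 305", "firmware": "8.6.0.4"},
]

if __name__ == "__main__":
    for a in ASSETS:
        print(a["id"], *normalize_asset(a))
    print("needs cleanup:", incomplete_assets(ASSETS))
```

A `*` in the version position means the firmware is unknown, so version-range matching cannot be applied to that asset until the record is completed.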