Vulnerability Response asset discovery

Vulnerability data can be imported from internal and external sources, such as the NVD, CWE, and third-party integrations. You can compare vulnerability data to CIs and software identified in the Asset Management module.

You can do the following:
  • Compare vulnerability-related data, if a vulnerability is found in an asset.
  • Escalate it by creating change requests, problem records, and security incident records (if Security Incident Response is activated).
  • Manage vulnerable items individually, grouped by the vulnerability or CI. Each vulnerability is represented by a vulnerability entry in the library, from the NVD, or a third-party source. Multiple CVEs can be related to a single third-party vulnerability.
  • Use Common Weakness Enumeration (CWE) records downloaded from the CWE database for reference when deciding whether a vulnerability must be escalated. Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations page. That page is for reference only.