Vanta's Vulnerability page is beneficial in providing a high-level overview of the detected, remediated, or ignored vulnerabilities on your servers and containers.
Vanta can pull data from the following vulnerability scanners for servers and containers:
13 Penetration Testing & Scanning
Aikido Security
AWS ECR (Elastic Container Registry)
AWS Inspector
Azure Containers
Azure Defender for Containers and Virtual Machines
Cacilian Pentest and Scanner
Coana
Crowdstrike
Darkspot by Contxt
DeepSource
EdgeBit Security
GCP GCR (Google Artifact Registry)
Github Dependabot
GitLab
Heyhack
Lacework
Lumenova AI
Microsoft Defender for Endpoint
Orca Security
Prancer
Qualys
SentinelOne
Snyk
Socket Security
SOOS Security Analysis
Tenable
The Vulnerability page has tabs that focus on the following:
Findings by asset
Security vulnerabilities found on individual assets
Finding by vulnerability
all found vulnerabilities
Deactivated
vulnerabilities that have been ignored
History
SLA misses & on-time remediations
Settings
SLA settings and available integrations
Findings by Vulnerability
Identifier
Source
CVEs
A known vulnerability with an assigned CVE ID number
CVE severity
score assigned around how detrimental a breach of this vulnerability would be to your organization
Assets
The number of assets the vulnerability is found on
Due date
When remediation should be completed by
First Seen/Last Seen
Available Fix
Is a remediation or patch available for the vulnerability
Visual Information
From the Findings by asset page, you will see
Asset scan coverage by source
Asset SLA Status
From the Findings by Vulnerability page, you will see
Vulnerabilities by severity level
SLA tracking
Vulnerability Settings
When vulnerabilities are detected within your infrastructure, ensure they are triaged and remediated on time through SLAs. You can create your own or use Vanta's recommendation.
Vanta creates SLAs based on the day that Vanta detects the vulnerability
These SLAs will be tracked in the History tab
If you previously set your SLAs for vulnerabilities, any changes made here will update your vulnerability settings across Vanta. Changes will be applied to new vulnerabilities and not affect any historical or currently open vulnerabilities.