Vendor Continuous Monitoring Overview

Written by Jaquez Hodo
Updated over 2 weeks ago

Continuous Monitoring helps you track your vendors’ security posture in real time. Instead of relying on point-in-time assessments, this feature continuously evaluates risk and alerts you to important changes such as breaches, emerging vulnerabilities, or delays in resolving known issues.

Continuous Monitoring is especially helpful for admins, compliance managers, and security teams responsible for reviewing vendor security and maintaining ongoing visibility into risk.

Why Continuous Monitoring Matters

Continuous Monitoring moves you beyond static assessments to a live view of each vendor’s security posture. This helps you take action quickly when potential risks arise.

Key benefits

  • Proprietary scanning finds more vendor assets while reducing false positives and noise

  • Finding-level analysis adds expert context to each issue, powered by Vanta’s cybersecurity SMEs

  • Customizable alerts notify your team only about the types of findings that matter most

View Continuous Monitoring Availability

When you navigate to the Managed Vendors page, you’ll see which vendors have Continuous Monitoring available. This status appears in the Continuous Monitoring column.

  • Vendors already supported by Vanta’s monitoring feed show On

  • Vendors not yet supported display Off or Unavailable

When you add a new vendor and save it, Vanta automatically updates the column to indicate whether Continuous Monitoring is available for that vendor. No manual enablement or toggle is required.

Availability may differ by vendor type. If you add a vendor and don’t see monitoring available, confirm the vendor name and website match those in Vanta’s supported vendor list.

View Vendor Monitoring Feeds

To review findings for a monitored vendor:

  • Select a vendor with Continuous Monitoring enabled

  • Navigate to the Monitoring feed tab

  • Review findings, which include:

    • Severity level

    • Description of the issue

    • Recommended next steps

Select a finding to view more context, including severity, description, and recommended actions.

Set Continuous Monitoring Alerts

You can configure alerts to notify your team when new findings or breaches occur for monitored vendors. These alert settings are under Vendor Settings > Alerts.

Each alert type corresponds to a different category of security signal—such as breaches, misconfigurations, or threat intelligence updates. You can turn each alert on or off, set the severity threshold, and define whether alerts apply to all vendors or only those within a specific inherent risk level.

To configure alerts:

  • Go to Vendor Settings > Alerts

  • Review the list of available alert types (for example, Threat intelligence, Vulnerabilities, Application security)

  • Use the toggle to turn on or turn off each alert type

  • Under Severity, select the threshold that should trigger notifications (for example, High and Critical)

  • Under Scope, select whether the alert should apply to all vendors or only those within a specific inherent risk level

  • Changes are saved automatically

These settings ensure your team receives relevant notifications without unnecessary noise.

Best Practices for Configuring Alerts

To get the most value out of alerts:

  • Keep High and Critical findings enabled across all vendors

  • Limit Low and Informational alerts to digest summaries or high-risk vendors

  • Review alert volume periodically to maintain a manageable signal-to-noise ratio

  • Confirm your delivery preferences (Slack, email, or webhook) are still active and authorized

Why a Vendor May Show “Continuous Monitoring: On” but Have No Alerts

If a vendor displays Continuous Monitoring: On without active alerts, it means the vendor is being scanned but no alerts are configured or triggered.

Common reasons include:

  • No alerts turned on: Continuous Monitoring runs automatically, but alert toggles are off

  • Scope mismatch: The vendor isn’t included in the selected inherent risk level

  • Filters too narrow: Alerts limited to Critical findings while vendor issues are Medium or Low severity

  • Muted or excluded findings: Some finding types are filtered out

  • Notification issues: Slack or email recipients not added or authorization expired

To fix this, review your settings under Vendor Settings > Alerts, verify vendor scope, and adjust filters or delivery options.

Please Note: Continuous Monitoring is most effective when paired with active alerting and regular vendor review. Viewing monitoring data alone will surface findings in Vanta, but configuring alerts ensures your team is notified in time to act.