The Vulnerabilities Page

Shannon DeLange

Vanta's Vulnerability page provides a high-level overview of the detected, remediated, or ignored vulnerabilities on your servers and containers.

 

Vanta can pull data from the following vulnerability scanners for servers and containers:

  • AWS Inspector
  • Snyk
  • AWS ECR (Elastic Container Registry)
  • GCP GCR (Google Artifact Registry)
  • Azure Containers
  • Azure Defender for Containers and Virtual Machines
  • GitHub Dependabot

 


 

 

The Vulnerability page has tabs that focus on the following:

  • Findings by asset
    • Security vulnerabilities found on individual assets
  • Findings by vulnerability
    • All found vulnerabilities
  • Ignored
  • History
    • SLA misses & on-time remediations 
  • Settings
    • SLA settings and available integrations 

 

Findings by Vulnerability 

  • Identifier
  • Source 
  • CVEs
    • A known vulnerability with an assigned CVE ID number
  • CVE severity
    • A score indicating how detrimental a breach of this vulnerability would be to your organization
  • Assets
    • The number of assets the vulnerability is found on
  • Due date
    • The date by which remediation should be completed
  • First Seen/Last Seen
  • Available Fix
    • Whether a remediation or patch is available for the vulnerability


Vulnerability Settings 

  • SLAs help ensure that vulnerabilities detected within your infrastructure are triaged and remediated on time. You can create your own SLAs or use Vanta's recommendation.
  • Vanta creates SLAs based on the day that Vanta detects the vulnerability.
  • These SLAs are tracked in the History tab.


If you previously set your SLAs for vulnerabilities, any changes made here will update your vulnerability settings across Vanta. Changes apply to new vulnerabilities and do not affect any historical or currently open vulnerabilities.