The Vulnerabilities Page

Vanta's Vulnerability page provides a high-level overview of the detected, remediated, or ignored vulnerabilities on your servers and containers.

Vanta can pull data from the following vulnerability scanners for servers and containers:

  • AWS Inspector
  • Snyk
  • AWS ECR (Elastic Container Registry)
  • GCP GCR (Google Artifact Registry)
  • Azure Containers
  • Azure Defender for Containers and Virtual Machines
  • GitHub Dependabot

The Vulnerability page has tabs that focus on the following:

  • Findings by asset
    • Security vulnerabilities found on individual assets
  • Findings by vulnerability
    • All found vulnerabilities
  • Deactivated
  • History
    • SLA misses & on-time remediations 
  • Settings
    • SLA settings and available integrations 

Findings by Vulnerability 

  • Identifier
  • Source 
  • CVEs
    • A known vulnerability with an assigned CVE ID number
  • CVE severity
    • A score assigned based on how detrimental a breach of this vulnerability would be to your organization
  • Assets
    • The number of assets the vulnerability is found on
  • Due date
    • When remediation should be completed by
  • First Seen/Last Seen
  • Available Fix
    • Whether a remediation or patch is available for the vulnerability

Visual Information 

  • From the Findings by asset page, you will see 
    • Asset scan coverage by source 
    • Asset SLA Status 

  • From the Findings by Vulnerability page, you will see
    • Vulnerabilities by severity level
    • SLA tracking 

Vulnerability Settings 

  • SLAs help ensure that vulnerabilities detected within your infrastructure are triaged and remediated on time. You can create your own SLAs or use Vanta's recommendation.
  • Vanta creates SLAs based on the day that Vanta detects the vulnerability
  • These SLAs will be tracked in the History tab

If you previously set your SLAs for vulnerabilities, any changes made here will update your vulnerability settings across Vanta. Changes apply only to new vulnerabilities and do not affect any historical or currently open vulnerabilities.