Vanta's Vulnerability page provides a high-level overview of the detected, remediated, or ignored vulnerabilities on your servers and containers.
Vanta can pull data from the following vulnerability scanners for servers and containers:
- 13 Penetration Testing & Scanning
- Aikido Security
- AWS ECR (Elastic Container Registry)
- AWS Inspector
- Azure Containers
- Azure Defender for Containers and Virtual Machines
- Cacilian Pentest and Scanner
- Coana
- CrowdStrike
- Darkspot by Contxt
- DeepSource
- EdgeBit Security
- GCP GCR (Google Artifact Registry)
- GitHub Dependabot
- GitLab
- Heyhack
- Lacework
- Lumenova AI
- Microsoft Defender for Endpoint
- Orca Security
- Prancer
- Qualys
- SentinelOne
- Snyk
- Socket Security
- SOOS Security Analysis
- Tenable
The Vulnerability page has tabs that focus on the following:
- Findings by asset: security vulnerabilities found on individual assets
- Findings by vulnerability: all found vulnerabilities
- Deactivated: vulnerabilities that have been ignored
- History: SLA misses and on-time remediations
- Settings: SLA settings and available integrations
Findings by Vulnerability
- Identifier
- Source
- CVEs: a known vulnerability with an assigned CVE ID number
- CVE severity: a score reflecting how detrimental a breach of this vulnerability would be to your organization
- Assets: the number of assets the vulnerability is found on
- Due date: when remediation should be completed
- First Seen/Last Seen
- Available Fix: whether a remediation or patch is available for the vulnerability
Visual Information
- From the Findings by asset page, you will see:
  - Asset scan coverage by source
  - Asset SLA Status
- From the Findings by Vulnerability page, you will see:
  - Vulnerabilities by severity level
  - SLA tracking
Vulnerability Settings
- When vulnerabilities are detected within your infrastructure, ensure they are triaged and remediated on time through SLAs. You can create your own or use Vanta's recommendation.
- Vanta creates SLAs based on the day that Vanta detects the vulnerability
- These SLAs will be tracked in the History tab
If you previously set your SLAs for vulnerabilities, any changes made here will update your vulnerability settings across Vanta. Changes will be applied to new vulnerabilities and will not affect any historical or currently open vulnerabilities.