Vulnerability Management
  • 21 Mar 2025


WHAT IS VULNERABILITY MANAGEMENT AND WHY IS IT IMPORTANT?

Vulnerability management is a critical process that continuously assesses and tracks vulnerabilities across enterprise assets and other components of the organization’s infrastructure. Vulnerability management aims for timely remediation of vulnerabilities to minimize the window of opportunity for attackers.

Promptly identifying and addressing vulnerabilities reduces the likelihood that a vulnerability will be exploited. It also reduces the exposure of a system component or sensitive data to compromise.

 

CONTROLS THIS DASHBOARD REPORTS ON

This dashboard reports on your organization’s level of compliance with these controls:

NIST CSF v2.0: Subcategory ID.RA-08: Processes for receiving, analyzing, and responding to vulnerability disclosures are established

PCI-DSS v4.0.1: Requirement 11.3 External and internal vulnerabilities are regularly identified, prioritized, and addressed

CIS CSC v8.1: Control 7 Continuous Vulnerability Management, and Safeguards 7.5, 7.6, and 7.7


PRIMARY KEY PERFORMANCE INDICATOR (KPI)

The dashboard reports on this Primary KPI:

Numerator: Count of vulnerability records that are either closed, or are open but are within their due date

Denominator: Count of all vulnerability records
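The KPI definition above, worked through as an added example (not the product's own code). The record fields mirror the dashboard's Severity, Status Open, Due Date and Resolved Date columns. The per-severity breakdown, the handling of a missing due date and the treatment of the due date itself as still in time are assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class VulnRecord:
    hostname: str
    severity: str
    status_open: bool                  # "Status Open" column
    due_date: Optional[date]           # "Due Date" column
    resolved_date: Optional[date] = None

def is_compliant(rec: VulnRecord, today: date) -> bool:
    """Numerator test: the record is closed, or open and within its due date."""
    if not rec.status_open:
        # As defined, a closed record counts even if it was resolved late.
        return True
    # Assumptions: an open record with no due date is not compliant,
    # and a record due today is still within its due date.
    return rec.due_date is not None and today <= rec.due_date

def primary_kpi(records, today: date) -> Optional[float]:
    """Compliant records / all records; None when there are no records."""
    if not records:
        return None
    return sum(is_compliant(r, today) for r in records) / len(records)

def kpi_by_severity(records, today: date) -> dict:
    """Same ratio per severity, to show where overdue findings concentrate."""
    groups = {}
    for r in records:
        groups.setdefault(r.severity, []).append(r)
    return {sev: primary_kpi(rs, today) for sev, rs in groups.items()}

# Constructed sample data, not taken from any real environment.
TODAY = date(2025, 3, 21)
SAMPLE = [
    VulnRecord("web01", "Critical", False, date(2025, 3, 1), date(2025, 3, 10)),  # closed late
    VulnRecord("web01", "High", True, date(2025, 4, 1)),       # open, within due date
    VulnRecord("db01", "Critical", True, date(2025, 3, 20)),   # open, overdue
    VulnRecord("db02", "High", True, date(2025, 3, 21)),       # open, due today
    VulnRecord("app01", "Medium", True, None),                 # open, no due date
]

if __name__ == "__main__":
    print(f"Primary KPI: {primary_kpi(SAMPLE, TODAY):.0%}")
    print(kpi_by_severity(SAMPLE, TODAY))
```

Because closed records always count toward the numerator, this KPI does not penalize late remediation; the SLA Status and Resolved Date columns are where that shows up.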

 

COLUMNS DISPLAYED ON THE DETAIL DASHBOARD

  • Compliance Status
  • Hostname – hostname where the vulnerability was discovered
  • Host Vulnerability ID, Vulnerability Description, Vulnerability Key, Vulnerability MAC, Vulnerability IP – vulnerability details
  • Vulnerability Source – data feed that sourced the vulnerability details
  • Severity, SLA Status, Status Open, SLA Days, CVSS Score, First Found, Last Found, Due Date, Resolved Date – attributes of the vulnerability
  • Application Name, Application ID – application information if applicable
  • PCI Context – whether the device is in scope for PCI DSS
  • Owner Full Name, Owner Email Address, Owner ID, Owner Job Title – owner for remediation of the vulnerability
  • Manager Employee ID, Manager Full Name, Manager Email Address – employee's manager
  • Executive VP, Senior VP, VP / Executive Director – management chain for the employee
  • Level 5, Level 6 – additional levels of management for the employee


OCSF TABLES USED BY THE DASHBOARD

  • Vulnerability Finding [2002]
  • Asset Management View
  • User Inventory Info [5003]
