Skip to main content

Vulnerability Management

Tripl-i's Vulnerability Management module provides comprehensive visibility into security vulnerabilities across your IT infrastructure. By automatically correlating discovered software and operating systems with known vulnerabilities from the National Vulnerability Database (NVD), you can proactively identify and address security risks before they become threats.

Why Use Vulnerability Management?

Reduce Security Risk

  • See your true exposure: Know exactly which unpatched vulnerabilities exist in your environment
  • Prioritize effectively: Focus remediation efforts on critical and actively exploited vulnerabilities first
  • Track progress: Monitor your security posture improvement over time with clear metrics

Save Time and Resources

  • Eliminate manual tracking: Automatic correlation between software inventory and known vulnerabilities
  • Reduce false positives by up to 89%: Version-aware matching ensures you only see vulnerabilities that actually affect your installed versions
  • Automatic resolution: Vulnerabilities are automatically marked as resolved when software is upgraded or patched

Meet Compliance Requirements

  • Audit-ready reporting: Export vulnerability data for compliance audits
  • Document remediation: Track status, assignments, and resolution dates
  • Evidence collection: Maintain a complete history of vulnerability discovery and remediation

Key Capabilities

Intelligent Vulnerability Detection

FeatureBenefit
Version-Aware MatchingOnly vulnerabilities affecting your exact software versions are reported
Patch IntelligenceWindows patches (KBs) are automatically factored in to exclude already-fixed CVEs
Auto-ResolutionVulnerabilities are automatically resolved when software is upgraded or a patch is installed
Exploit AwarenessActively exploited vulnerabilities are flagged for priority attention

Complete Remediation Workflow

  • Status Tracking: Move vulnerabilities through stages (Open → Acknowledged → In Progress → Resolved)
  • Team Assignment: Assign vulnerabilities to team members with due dates
  • Ticketing Integration: Link vulnerabilities to your ticketing system for seamless workflow
  • Notes & History: Add investigation notes and maintain a complete audit trail

Module Components

The Vulnerability Management module consists of four main components:

1. Active Vulnerabilities

The central dashboard for managing vulnerabilities affecting your infrastructure. View statistics, prioritize remediation efforts, and track progress through resolution.

2. CVE Database

A comprehensive database of Common Vulnerabilities and Exposures (CVEs) synchronized from the National Vulnerability Database. Search and explore vulnerability details including severity scores, affected products, and available patches.

3. CPE Dictionary

The Common Platform Enumeration (CPE) dictionary maps software products to standardized identifiers, enabling accurate vulnerability matching across different naming conventions.

4. KB-CVE Mappings

For Windows environments, this component tracks which Microsoft Knowledge Base (KB) patches fix which CVEs, ensuring accurate exposure calculations.

How Vulnerability Detection Works

The vulnerability detection process happens automatically during discovery scans:

  1. Software Discovery: Network scans collect installed software and operating system information from your devices
  2. Product Identification: Software is matched to standardized CPE (Common Platform Enumeration) identifiers
  3. Vulnerability Matching: CPEs are correlated with known vulnerabilities from the NVD, checking version ranges
  4. Patch Filtering: Installed patches are checked against KB-CVE mappings to exclude already-fixed vulnerabilities
  5. Exposure Reporting: Only true, unpatched vulnerabilities are reported and tracked

Automatic Resolution

Vulnerabilities are automatically resolved when:

  • Software is upgraded: If you update to a version that's no longer vulnerable
  • Software is removed: If the vulnerable software is uninstalled
  • Patches are applied: When a Windows KB patch that fixes the CVE is installed

Getting Started

To begin using Vulnerability Management:

  1. Ensure Discovery is Running: The module relies on discovery scans to collect software inventory
  2. Navigate to SAM > Vulnerability Management: Access the module from the main navigation
  3. Review Active Vulnerabilities: Start with the dashboard to understand your current exposure
  4. Explore the CVE Database: Research specific vulnerabilities affecting your systems
  5. Plan Remediation: Prioritize and assign vulnerabilities for resolution

Keeping Data Current

The vulnerability database requires regular synchronization to maintain accurate coverage.

CVE Synchronization

Use the CVE Sync Dashboard to keep vulnerability data up to date:

Sync ModePurposeWhen to Use
Microsoft KB SyncUpdates Windows patch-to-CVE mappingsWeekly (after Patch Tuesday)
NVD Delta SyncFetches CVEs modified in the last 7 daysDaily (recommended)
New Software OnlyEnriches newly discovered software entriesAfter initial setup or adding new software
Full SyncComplete synchronization of all modesInitial setup or repair
FrequencySync ModePurpose
DailyNVD Delta SyncCatch newly disclosed and modified CVEs
WeeklyMicrosoft KB SyncAlign with Windows Patch Tuesday updates
As neededNew Software OnlyEnrich newly discovered applications
QuarterlyFull SyncComprehensive database refresh

Automatic Enrichment

New software discovered during scans is automatically enriched with vulnerability data—no manual sync required for newly discovered applications.

Data Sources

Tripl-i integrates with authoritative vulnerability data sources:

SourceData Provided
NIST NVDCVE details, CVSS scores, affected products, version ranges
Microsoft MSRCKB-to-CVE mappings for Windows patch intelligence
CISA KEVKnown Exploited Vulnerabilities catalog for actively exploited threats
EPSSExploit Prediction Scoring System probabilities

Best Practices

Prioritize Effectively

  1. Start with known exploits: Address vulnerabilities flagged as actively exploited first
  2. Focus on critical/high severity: Tackle CVSS 7.0+ vulnerabilities before lower severity issues
  3. Consider asset criticality: Prioritize vulnerabilities on business-critical systems

Maintain Data Quality

  1. Run regular syncs: Enable daily NVD Delta syncs to stay current
  2. Keep discovery running: Schedule regular scans to ensure software inventory is accurate
  3. Review after patching: Run a scan after applying patches to verify vulnerability resolution

Track Progress

  1. Use the workflow: Move vulnerabilities through status stages to track remediation
  2. Assign owners: Ensure every critical vulnerability has an assigned remediation owner
  3. Set due dates: Establish SLAs for vulnerability resolution based on severity

Common Questions

Why don't I see all CVEs for a software product?

Tripl-i uses version-aware matching, which means only CVEs that affect your specific installed version are shown. This eliminates false positives where a CVE might affect version 1.0-1.5, but you have version 2.0 installed.

Why did some vulnerabilities disappear after a scan?

The system uses automatic resolution. Vulnerabilities are automatically resolved when:

  • Software is upgraded to a non-vulnerable version
  • A Windows patch (KB) that fixes the CVE is installed
  • The vulnerable software is removed

How often should I sync the CVE database?

For most environments, we recommend:

  • Daily: Run NVD Delta Sync to catch newly disclosed vulnerabilities
  • Weekly: Run Microsoft KB Sync after Patch Tuesday
  • Full Sync: Only needed for initial setup or troubleshooting

What does "Known Exploit" mean?

Vulnerabilities flagged with "Known Exploit" have confirmed exploit code available in the wild. These should be prioritized for immediate remediation as attackers can actively leverage them.