Vulnerability Management
NopeSight's Vulnerability Management module provides comprehensive visibility into security vulnerabilities across your IT infrastructure. By automatically correlating discovered software and operating systems with known vulnerabilities from the National Vulnerability Database (NVD), you can proactively identify and address security risks before they become threats.
Key Benefits
Proactive Security Posture
- Automated Discovery: Vulnerabilities are automatically identified during network scans without manual intervention
- Real-time Visibility: Stay informed about new vulnerabilities affecting your infrastructure as they're discovered
- Risk Prioritization: Focus on the most critical issues with severity-based categorization
Accurate Exposure Assessment
- Version-Aware Matching: Only vulnerabilities that actually affect your installed software versions are reported
- Patch Intelligence: Installed Windows patches (KBs) are automatically considered to eliminate false positives
- True Exposure Calculation: See which vulnerabilities are actually unpatched in your environment
Streamlined Remediation
- Status Workflow: Track vulnerabilities from discovery through resolution
- Assignment & Collaboration: Assign vulnerabilities to team members or teams
- Integration Ready: Link vulnerabilities to your ticketing system for seamless workflow
Module Components
The Vulnerability Management module consists of four main components:
1. Active Vulnerabilities
The central dashboard for managing vulnerabilities affecting your infrastructure. View statistics, prioritize remediation efforts, and track progress.
2. CVE Database
A comprehensive database of Common Vulnerabilities and Exposures (CVEs) synchronized from the National Vulnerability Database. Search and explore vulnerability details.
3. CPE Dictionary
The Common Platform Enumeration (CPE) dictionary maps software products to standardized identifiers, enabling accurate vulnerability matching.
4. KB-CVE Mappings
For Windows environments, this component tracks which Microsoft Knowledge Base (KB) patches fix which CVEs, ensuring accurate exposure calculations.
How It Works
Discovery Scan
     │
     ├─→ Software Inventory Collection
     │         │
     │         └─→ CPE Matching
     │                   │
     │                   └─→ CVE Correlation
     │                             │
     ├─→ Patch Collection          │
     │   (Windows KBs)             │
     │         │                   │
     │         └─→ Patched CVE Identification
     │                             │
     │                             ▼
     └─────────────────→ TRUE EXPOSURE
                    (Unpatched Vulnerabilities)
- Discovery: Network scans collect installed software and operating system information
- CPE Matching: Software is matched to standardized CPE identifiers
- CVE Correlation: CPEs are correlated with known vulnerabilities from NVD
- Version Filtering: Only vulnerabilities affecting your specific versions are included
- Patch Consideration: Installed patches are factored in to exclude already-fixed CVEs
- Exposure Reporting: True unpatched vulnerabilities are reported and tracked
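The correlation, version filtering and patch consideration steps above can be illustrated in a few lines of Python. This is an added example, not NopeSight's code: the names `CveRule`, `vkey`, `parse_cpe` and `true_exposure` are hypothetical, the CPEs, KB numbers and CVE IDs are constructed placeholders, and a CVE is assumed to be patched when any one of its fixing KBs is installed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CveRule:
    cve: str                 # placeholder ID, not a real CVE
    vendor: str
    product: str
    start_incl: str          # first affected version
    end_excl: str            # first fixed version
    fixed_by: frozenset = frozenset()   # KBs that remediate the CVE

def vkey(version):
    """'2.10.1' -> (2, 10, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))

def parse_cpe(cpe):
    """Return (vendor, product, version) from a CPE 2.3 formatted string.
    Simplification: assumes no escaped ':' inside the fields."""
    fields = cpe.split(":")
    return fields[3], fields[4], fields[5]

def true_exposure(installed_cpes, installed_kbs, rules):
    """CVE correlation -> version filtering -> patch consideration."""
    exposed = set()
    for cpe in installed_cpes:
        vendor, product, version = parse_cpe(cpe)
        for rule in rules:
            if (rule.vendor, rule.product) != (vendor, product):
                continue                      # different product
            if not vkey(rule.start_incl) <= vkey(version) < vkey(rule.end_excl):
                continue                      # installed version not affected
            if rule.fixed_by & installed_kbs:
                continue                      # a fixing KB is installed
            exposed.add(rule.cve)
    return sorted(exposed)

# Constructed sample data: placeholder CPEs, KB numbers and CVE IDs, not real records.
HOST_CPES = [
    "cpe:2.3:a:examplevendor:exampleapp:2.10.1:*:*:*:*:*:*:*",
    "cpe:2.3:o:examplevendor:exampleos:10.0.2:*:*:*:*:*:*:*",
]
HOST_KBS = {"KB0000001"}
RULES = [
    CveRule("CVE-0000-0001", "examplevendor", "exampleapp", "2.0.0", "2.11.0"),
    CveRule("CVE-0000-0002", "examplevendor", "exampleapp", "1.0.0", "2.9.0"),
    CveRule("CVE-0000-0003", "examplevendor", "exampleos", "10.0.0", "10.1.0", frozenset({"KB0000001"})),
    CveRule("CVE-0000-0004", "examplevendor", "exampleos", "10.0.0", "10.1.0", frozenset({"KB0000002"})),
]
print(true_exposure(HOST_CPES, HOST_KBS, RULES))
```

The second rule is excluded only because versions are compared numerically: as plain strings, "2.10.1" sorts before "2.9.0" and the host would be reported as affected, a false positive.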
Getting Started
To begin using Vulnerability Management:
- Ensure Discovery is Running: The module relies on discovery scans to collect software inventory
- Navigate to SAM > Vulnerability Management: Access the module from the main navigation
- Review Active Vulnerabilities: Start with the dashboard to understand your current exposure
- Explore the CVE Database: Research specific vulnerabilities affecting your systems
- Plan Remediation: Prioritize and assign vulnerabilities for resolution
Data Sources
NopeSight integrates with authoritative vulnerability data sources:
- NIST NVD: The National Vulnerability Database provides CVE details, CVSS scores, and affected products
- Microsoft MSRC: For Windows environments, Microsoft Security Response Center data maps patches to CVEs
- CISA KEV: Known Exploited Vulnerabilities catalog flags actively exploited threats
Related Topics
- Active Vulnerabilities - Managing discovered vulnerabilities
- CVE Database - Exploring vulnerability details
- CPE Dictionary - Understanding software identification
- KB-CVE Mappings - Windows patch mapping