The Vulnerability Management Lifecycle
Our platform guides you through a complete, four-phase lifecycle for every vulnerability.
Phase 1: Creating a Scan Schedule
A Scan Schedule is a recurring, automated task that scans specified network segments for vulnerabilities.
1. Navigate to Vulnerability Scanning
In the SDX dashboard, go to Security → Vulnerability Scanning and click Create Schedule.
2. Configure the Schedule
- Description: Give the schedule a clear name (e.g., “Weekly Main Office Scan”).
- Timing: Define the recurrence, such as the Day of Week, Time of Day (in a specific Timezone), and frequency (e.g., every 2 weeks). It’s best to schedule scans during off-peak hours.
- Targets: Select the Site(s) to scan and specify the exact Subnet(s) within each site (e.g., 192.168.1.0/24).
- Thresholds: Set the Minimum CVSS Score to report on. This helps filter out low-severity noise. You can also set a Warning Threshold to highlight high-priority vulnerabilities.
- Notifications: Choose a Notification Group to receive alerts when a scan is complete.
3. Save the Schedule
Click Save. The scan will automatically run at its next scheduled time.
Phase 2: Reviewing Scan Reports
After a scan completes, a detailed report is generated. You can find all historical reports in the main Vulnerability Scanning section of the dashboard. Each report summary provides key metrics at a glance:
- Hosts Scanned: The number of unique devices discovered on the network.
- CVEs Found: The total number of vulnerability instances detected.
- Highest Score: The CVSS score of the most critical vulnerability found.
Phase 3: Triaging and Managing Vulnerabilities
The most important step is acting on the results. Our platform provides tools to help you investigate and manage the lifecycle of each discovered vulnerability.
- Investigate a Device: From a scan report, you can drill down into a specific device (identified by its MAC address) to see all CVEs ever found on it.
- Get Mitigation Advice: For any given CVE, click the “Get Mitigation” button. Our AI engine will provide actionable, step-by-step guidance on how to fix the vulnerability, formatted in easy-to-read Markdown.
- Update the CVE Status: Once you have addressed a vulnerability (or chosen to accept the risk), update its status for that specific device. This is crucial for tracking remediation progress.
  - Mark as Mitigated: Use this status when you have applied a patch or implemented a workaround.
  - Mark as Accepted: Use this status if you determine the vulnerability is a false positive or represents an acceptable risk in your specific environment (e.g., the affected service is not exposed). You must provide a justification for auditing purposes.
On-Demand Scans
In addition to scheduled scans, you can trigger a scan at any time.
- Run Schedule Now: From the list of scan schedules, click the “Run Now” button to immediately queue a scheduled scan.
- Scan a Single IP: Use the on-demand scan feature to instantly check a specific device you’ve just added to the network or recently patched.
Best Practices
Scan Consistently
Regular, scheduled scans are the key to maintaining an accurate view of your security posture. A weekly or bi-weekly cadence is a great starting point.
Focus on Critical CVEs First
Start by setting your min_cvss threshold to 7.0 or higher to focus on High and Critical vulnerabilities. Once those are managed, you can lower the threshold to address medium-severity issues.
Triage is Continuous
Vulnerability management is an ongoing process, not a one-time fix. Regularly review new scan results and triage any new findings to prevent security debt from accumulating.
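
The threshold and per-device status rules described in Phase 3 and under Best Practices, sketched as an added example that is not the platform's own code. The record fields, status strings, the ordering of the two thresholds, and the sample MAC addresses and CVE placeholders are assumptions constructed for illustration; the platform's real export format is not shown here.

```python
from dataclasses import dataclass

@dataclass
class Finding:  # hypothetical record layout, not the platform's export format
    mac: str                 # device identifier, as in the scan report
    cve: str
    cvss: float
    status: str = "open"     # assumed values: open, mitigated, accepted
    justification: str = ""  # required when status is "accepted"

def severity(cvss):
    """CVSS v3.x qualitative rating for a base score."""
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low" if cvss > 0 else "None"

def triage(findings, min_cvss=7.0, warning=9.0):
    """Return (work queue, warning-level subset, accepted findings lacking a justification)."""
    # Assumption: the warning threshold sits at or above the reporting minimum.
    if not 0.0 <= min_cvss <= warning <= 10.0:
        raise ValueError("expected 0.0 <= min_cvss <= warning <= 10.0")
    queue, audit_gaps = [], []
    for f in findings:
        if f.status == "accepted" and not f.justification.strip():
            audit_gaps.append(f)  # accepted risk with no recorded reason
        if f.status == "open" and f.cvss >= min_cvss:
            queue.append(f)       # still needs a patch, workaround or decision
    queue.sort(key=lambda f: (-f.cvss, f.mac, f.cve))
    return queue, [f for f in queue if f.cvss >= warning], audit_gaps

# Constructed sample data: documentation-range MACs and placeholder CVE ids.
SAMPLE = [
    Finding("00:00:5e:00:53:01", "CVE-0000-0001", 9.8),
    Finding("00:00:5e:00:53:01", "CVE-0000-0002", 5.3),
    Finding("00:00:5e:00:53:02", "CVE-0000-0001", 9.8, "mitigated"),
    Finding("00:00:5e:00:53:02", "CVE-0000-0003", 7.5),
    Finding("00:00:5e:00:53:03", "CVE-0000-0004", 8.1, "accepted", ""),
    Finding("00:00:5e:00:53:03", "CVE-0000-0005", 7.2, "accepted", "service not exposed"),
]

if __name__ == "__main__":
    queue, warn, gaps = triage(SAMPLE)
    for f in queue:
        print(f"{f.cvss:4.1f} {severity(f.cvss):8} {f.mac} {f.cve}")
    for f in gaps:
        print(f"missing justification: {f.mac} {f.cve}")
```

The same CVE appears as open on one device and mitigated on another, which is why status is tracked per device rather than per CVE.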