Vulnerability Assessment in Nebula offers a detailed view of vulnerabilities in installed software on managed endpoints. This feature is essential for identifying weaknesses that malicious actors could exploit. Regular assessments enable organizations to proactively address risks from outdated or insecure software.
TIP - To keep vulnerability data current, set up a daily Inventory & Vulnerability Scan. If an endpoint is removed from Nebula, its associated vulnerabilities are automatically removed from the console within 48 hours.
To view and manage vulnerabilities in Nebula, go to Monitor > Vulnerabilities. There are 3 tabs on this page:
- Active Vulnerabilities: Shows current vulnerabilities on endpoints.
- Ignored Vulnerabilities: Lists vulnerabilities dismissed from Active Vulnerabilities.
- Resolved Vulnerabilities: Lists vulnerabilities addressed in the past 365 days.
Manage vulnerabilities
Users can view and ignore current vulnerabilities on the Active Vulnerabilities tab. They can also resolve them by updating applications through the Patch Management module.
If an installed application is not needed, remove it from the endpoint using the Software Inventory page. For more information, see Uninstall software with Vulnerability Assessment in Nebula.
Filter for important vulnerabilities
The quick filters at the top of the page help admins focus on specific sets of vulnerabilities. We suggest resolving vulnerabilities in this order:
- Ransomware Risk: Vulnerabilities linked to ransomware campaigns and require immediate attention.
- CISA Recommended: Vulnerabilities listed in the Cybersecurity and Infrastructure Security Agency (CISA) managed catalog of Known Exploited Vulnerabilities.
- Severity level: Vulnerabilities sorted by severity and impact.
Active Vulnerabilities table
The following information is displayed for each endpoint vulnerability.
| Column | Description |
|---|---|
| Application | Name of the vulnerable application. |
| Application version | Currently installed version of the application. |
| CISA recommended |
CISA recommends resolving this vulnerability. Click on the CVE number for resolution details.
|
| CVE |
The Common Vulnerability and Exposures (CVE) number as reported in the National Vulnerability Database.
|
| Description | Description of the vulnerability and how it is used to exploit the application. |
| Domain name | Name of the computer group the workstation belongs to. |
| Endpoint | Device name. |
| Group | Nebula group the endpoint belongs to. |
| Identified date | Date the vulnerability was detected on the endpoint. |
| OS platform | Windows or macOS. |
| OS release name | Public release name of the operating system. |
| OS type | Workstation or server. |
| OS version | Version of the operating system. |
| Severity |
Severity level of a vulnerability determined by using a calculated score based on Common Vulnerability Scoring System (CVSS) and by analyzing real data, with the following inputs:
|
| Update available | Identifies if the application can be updated directly from Nebula with Patch Management. If not, update the application manually to resolve the vulnerability. |
| Vendor | Vendor name of the vulnerable application. |
Ignore vulnerabilities
Ignoring vulnerabilities increases breach risks. It's essential to resolve them to prevent threats and unauthorized access. However, some vulnerabilities may not apply if an application must stay on a specific version.
For instance, if an in-house app relies on a specific Adobe version, updating it could break the app. In this case, the vulnerability can be ignored from the Active Vulnerabilities tab.
- Check the boxes for CVE numbers.
- Click Actions > Ignore.
- Review selected vulnerabilities in the pop-up.
- Choose how long to ignore the vulnerability:
- Permanent: Ignore until manually removed. Use sparingly as forgetting about this ignored vulnerability further increases risk.
- 30 or 60 days: Temporarily ignore and revisit later.
- Custom date: Ignore until a specific date.
- Provide a reason for ignoring the vulnerability. This helps other admins understand the decision.
- Click Ignore.
The vulnerability is moved to the Ignored Vulnerabilities tab. This tab adds the following columns to the table:
| Column | Description |
|---|---|
| Ignore duration | How long the vulnerability remains unaddressed. |
| Ignore reason | Admin's reason for ignoring the vulnerability. |
| Ignored date | Date an admin ignored the vulnerability from the Active Vulnerabilities tab |
| User | Admin who ignored the vulnerability. |
Restore ignored vulnerabilities
Ignored vulnerabilities reappear in the Active Vulnerabilities tab once their duration ends and can be re-ignored as needed.
For permanently ignored vulnerabilities, an admin must restore them manually from the Ignored Vulnerabilities tab, which can also be used to restore a vulnerability before its duration expires. To do this:
- Click on the Ignored Vulnerabilities tab.
- Check the box next to an ignored vulnerability.
- Click Actions > Restore.
- Click Confirm.
Edit ignored vulnerabilities
To update the duration or reason for an ignored vulnerability:
- Click on the Ignored Vulnerabilities tab.
- Check the box next to an ignored vulnerability.
- Click Actions > Edit.
- Update the duration or reason.
- Click Save.
Resolve vulnerabilities
If subscribed to the Patch Management module, admins can fix vulnerabilities directly from the Active Vulnerabilities tab by updating software.
- Check the boxes for specific CVE numbers.
- Click Actions > Update Software.
- In the confirmation window, click Update software.
- If the Update software button is grayed out, the application isn't supported for updating via Patch Management. Manually update the software by visiting the vendor's website. Filter the Update available column to Yes to check which applications can be patched with Patch Management.
After the software is patched, run an Inventory & Vulnerability scan. This updates the Active Vulnerabilities list and moves the vulnerability to the Resolved Vulnerabilities tab. The Resolved Vulnerabilities tab adds the following column to the table:
| Column | Description |
|---|---|
| Resolved Date | When the vulnerability was resolved. |
Return to Nebula Vulnerability Assessment guide.