Vulnerability Alerts

Detected vulnerabilities generate alerts based on:

  • Technologies in use assets

  • CVE integrations (such as InsightVM or Qualys)

  • CVEs added by the Threat Command API

  • CVEs added by Rapid7 Extend browser

    Viewing alerts is described in Viewing vulnerability alerts.
    You can customize which threats trigger alerts using the Exploitable Data > Vulnerabilities section of the Alert Profiler.

The conditions that you can use to customize alert triggering are described here.

In addition to alerts triggered by rules that you create, you can use the Alert on events option to add alerts to existing alerts when the following events occur:

EventNew event since the existing alert was created
Exploit is availableA new exploit was published.
CVE is trendingA CVE has started trending (daily, weekly, or monthly).
Severity score increaseThe Severity score has increased.
CVSS score increaseThe CVSS has increased.

When you enable these options, additional alerts will be generated on vulnerabilities that already have alerts, if an exploit becomes available or the CVE starts trending. For more information, see Creating Alerts from Events.

Viewing vulnerability alerts

Vulnerability alerts are managed and displayed in the Alerts page.

To filter for vulnerability alerts from the Alerts page:

  • From the Alerts page, click the Source Type  filter and select VRA.

To view vulnerability alerts from the Vulnerabilities page:

  • From the Vulnerabilities page, click View Alert.

The key differences between vulnerability alerts and other alerts are as follows:

  • The Source URL is always from NVD.
  • The Source type is always VRA.
  • Matched assetsare from CVEs that originated from the Technologies in use asset.
  • Clicking Vulnerability details will open the CVE in the Vulnerabilities page.

Each vulnerability also has a Decision Parameters tab to describe why it was elevated to an alert.