Vulnerability Alerts
Detected vulnerabilities generate alerts based on:
-
Technologies in use assets
-
CVE integrations (such as InsightVM or Qualys)
-
CVEs added by the Threat Command API
-
CVEs added by Rapid7 Extend browser
Viewing alerts is described in Viewing vulnerability alerts.
You can customize which threats trigger alerts using the Exploitable Data > Vulnerabilities section of the Alert Profiler.
The conditions that you can use to customize alert triggering are described here.
In addition to alerts triggered by rules that you create, you can use the Alert on events option to add alerts to existing alerts when the following events occur:
| Event | New event since the existing alert was created |
|---|---|
| Exploit is available | A new exploit was published. |
| CVE is trending | A CVE has started trending (daily, weekly, or monthly). |
| Severity score increase | The Severity score has increased. |
| CVSS score increase | The CVSS has increased. |
When you enable these options, additional alerts will be generated on vulnerabilities that already have alerts, if an exploit becomes available or the CVE starts trending. For more information, see Creating Alerts from Events.
Viewing vulnerability alerts
Vulnerability alerts are managed and displayed in the Alerts page.
To filter for vulnerability alerts from the Alerts page:
- From the Alerts page, click the Source Type filter and select VRA.
To view vulnerability alerts from the Vulnerabilities page:
- From the Vulnerabilities page, click View Alert.
The key differences between vulnerability alerts and other alerts are as follows:
- The Source URL is always from NVD.
- The Source type is always VRA.
- Matched assetsare from CVEs that originated from the Technologies in use asset.
- Clicking Vulnerability details will open the CVE in the Vulnerabilities page.
Each vulnerability also has a Decision Parameters tab to describe why it was elevated to an alert.