Detected vulnerabilities generate alerts based on:
Technologies in use assets
CVE integrations (like InsightVM or Qualys)
CVEs added by the Threat Command API
CVEs added by the IntSights Extend browser
The conditions that you can use to customize alert triggering are described here.
In addition to alerts triggered by rules that you create, you can use the Alert on events option to add alerts to existing alerts when the following events occur:
|New event since the existing alert was created
|Exploit is available
|A new exploit was published.
|CVE is trending
|A CVE has started trending (daily, weekly, or monthly).
|IntSights score increase
|The IntSights score has increased.
|CVSS score increase
|The CVSS has increased.
The following figure illustrates how to create alerts based on events. For more information, see Creating Alerts from Events. When you enable these options, additional alerts will be generated on vulnerabilities that already have alerts, if an exploit becomes available or the CVE starts trending.
Viewing vulnerability alerts
Vulnerability alerts are managed and displayed in the Alerts page:
To filter for vulnerability alerts from the Alerts page:
- From the Alerts page, click the Source Type filter and select VRA.
To view vulnerability alerts from the Vulnerabilities page:
The following table shows the differences between vulnerability alerts and other alerts:
|The Source URL is always from NVD.
|The Source type is always VRA.
|Matched assetsare from CVEs that originated from the Technologies in use asset.
|Clicking Vulnerability details will open the CVE in the Vulnerabilities page.
Each vulnerability also has a Decision Parameters tab to describe why it was elevated to an alert.