Vulnerability Alerts

Detected vulnerabilities generate alerts based on:

  • Technologies in use assets

  • CVE integrations (like InsightVM or Qualys)

  • CVEs added by the Threat Command API

  • CVEs added by the IntSights Extend browser

    Viewing alerts is described inViewing vulnerability alerts.
    You can customize which threats trigger alerts using the Exploitable Data > Vulnerabilities section of the Alert Profiler.

The conditions that you can use to customize alert triggering are described here.

In addition to alerts triggered by rules that you create, you can use the Alert on events option to add alerts to existing alerts when the following events occur:

EventNew event since the existing alert was created
Exploit is availableA new exploit was published.
CVE is trendingA CVE has started trending (daily, weekly, or monthly).
IntSights score increaseThe IntSights score has increased.
CVSS score increaseThe CVSS has increased.

The following figure illustrates how to create alerts based on events. For more information, see Creating Alerts from Events. temporary placeholder When you enable these options, additional alerts will be generated on vulnerabilities that already have alerts, if an exploit becomes available or the CVE starts trending.

Viewing vulnerability alerts

Vulnerability alerts are managed and displayed in the Alerts page:

temporary placeholder

To filter for vulnerability alerts from the Alerts page:

  • From the Alerts page, click the Source Type  filter and select VRA.

To view vulnerability alerts from the Vulnerabilities page:

  • From the Vulnerabilities page, click View Alert.
    temporary placeholder

The following table shows the differences between vulnerability alerts and other alerts:

Marked areaDifference
AThe Source URL is always from NVD.
BThe Source type is always VRA.
CMatched assetsare from CVEs that originated from the Technologies in use asset.
DClicking Vulnerability details will open the CVE in the Vulnerabilities page.

Each vulnerability also has a Decision Parameters tab to describe why it was elevated to an alert.