Device Vulnerability Scanning

Overview

Device Vulnerabilities provides continuous vulnerability scanning across your device fleet. Identify CVEs, prioritize remediation, and track patching progress.

How Scanning Works

Scan Process

Software Inventory
Agent collects installed software and versions.
CVE Matching
Software matched against vulnerability databases.
Risk Scoring
Vulnerabilities scored by severity and exploitability.
Reporting
Results displayed in dashboard with remediation guidance.

Data Sources

Source	Coverage
NVD	National Vulnerability Database
CVE	Common Vulnerabilities and Exposures
Vendor Advisories	Microsoft, Apple, Linux distros
Exploit DB	Known exploits

Vulnerability Dashboard

Key Metrics

Metric	Description
Total Vulnerabilities	Unique CVEs across fleet
Affected Devices	Devices with vulnerabilities
Critical/High	High-severity issues
Exploitable	Known exploit available

Vulnerability List

View all vulnerabilities:

CVE ID and description
Severity (CVSS score)
Affected software
Device count
Remediation status

Severity Scoring

CVSS Scores

Score	Severity	Priority
9.0-10.0	Critical	Immediate
7.0-8.9	High	Within 48 hours
4.0-6.9	Medium	Within 2 weeks
0.1-3.9	Low	Scheduled patching

Additional Factors

Beyond CVSS, consider:

Factor	Impact
Known Exploit	Increases priority
Internet Facing	Higher risk
Critical System	Higher priority
Compensating Controls	May reduce priority

Viewing Vulnerabilities

By Vulnerability

See all devices affected by a specific CVE:

Click on vulnerability
View affected devices
See software versions
Access remediation guidance

By Device

See all vulnerabilities on a specific device:

Go to Devices → Device List
Select device
Go to Vulnerabilities tab
View all CVEs for that device

By Software

See all vulnerabilities for a software package:

Go to Vulnerabilities → Software
Select software
View CVE history
See affected versions

Remediation

Remediation Actions

Action	Description
Patch	Update to fixed version
Upgrade	Move to new major version
Remove	Uninstall vulnerable software
Mitigate	Apply compensating controls
Accept	Document risk acceptance

Remediation Workflow

Assess
Review vulnerability details and impact.
Plan
Determine remediation approach.
Test
Test patch/update in non-production.
Deploy
Roll out remediation to affected devices.
Verify
Confirm vulnerability is resolved.

Tracking Progress

Track remediation status:

Status	Meaning
Open	Not addressed
In Progress	Being remediated
Resolved	Successfully remediated
Accepted	Risk accepted

Automation

Auto-Patching

Enable automatic patching for:

Operating system updates
Browser updates
Common applications
Security patches

Patch Windows

Configure maintenance windows:

Go to Settings → Patch Windows
Define allowed update times
Set restart policies
Configure user notifications

Exclusions

Excluding Vulnerabilities

When a vulnerability doesn't apply:

Select vulnerability
Click Exclude
Choose exclusion type:
- Global (all devices)
- Device-specific
- Temporary (with expiration)
Document reason

Exclusion Management

Review and manage exclusions:

List all exclusions
Expiration dates
Justifications
Re-enable as needed

Reporting

Vulnerability Reports

Generate reports showing:

Summary - Overview of vulnerability status
Trend - Changes over time
By Software - Most vulnerable applications
By Device - Devices needing attention
SLA - Time to remediation metrics

Compliance Evidence

Vulnerability management provides evidence for:

Framework	Requirement
SOC 2	CC7.1
ISO 27001	A.12.6.1
HIPAA	§164.308(a)(5)

Alerts

Alert Configuration

Set up alerts for:

Alert Type	Trigger
New Critical	Critical CVE discovered
Exploit Available	Exploit published for CVE
SLA Breach	Vulnerability exceeds SLA
Regression	Previously fixed, now present

Best Practices

Prioritize Ruthlessly

Focus on critical/high with known exploits first. Don't try to fix everything at once.

Maintain Patch Cadence

Regular patching prevents vulnerability buildup. Monthly at minimum.

Test Before Deploying

Patches can break things. Test in non-production first.

Track SLAs

Set and track remediation SLAs. Critical within 48 hours, High within 2 weeks.

Next Steps

MDM Query

Query devices for details

Security Checks

Enforce patching policies

Overview​

How Scanning Works​

Scan Process​

Software Inventory

CVE Matching

Risk Scoring

Reporting

Data Sources​

Vulnerability Dashboard​

Key Metrics​

Vulnerability List​

Severity Scoring​

CVSS Scores​

Additional Factors​

Viewing Vulnerabilities​

By Vulnerability​

By Device​

By Software​

Remediation​

Remediation Actions​

Remediation Workflow​

Assess

Plan

Test

Deploy

Verify

Tracking Progress​

Automation​

Auto-Patching​

Patch Windows​

Exclusions​

Excluding Vulnerabilities​

Exclusion Management​

Reporting​

Vulnerability Reports​

Compliance Evidence​

Alerts​

Alert Configuration​

Best Practices​

Next Steps​

MDM Query

Security Checks

Overview

How Scanning Works

Scan Process

Data Sources

Vulnerability Dashboard

Key Metrics

Vulnerability List

Severity Scoring

CVSS Scores

Additional Factors

Viewing Vulnerabilities

By Vulnerability

By Device

By Software

Remediation

Remediation Actions

Remediation Workflow

Tracking Progress

Automation

Auto-Patching

Patch Windows

Exclusions

Excluding Vulnerabilities

Exclusion Management

Reporting

Vulnerability Reports

Compliance Evidence

Alerts

Alert Configuration

Best Practices

Next Steps