Drata checks whether your organization have any open high vulnerabilities that have not been addressed (such as through a security fix or acceptance/exclusion) which is identified by the listed connections in Drata
Available connections:
AWS Inspector
Snyk
Tenable
Qualys
Semgrep
CrowdStrike Falcon Exposure Management
SentinelOne Vulnerability Management
Microsoft Defender Vulnerability Management
Rapid7 Insight VM
Associated Drata Control
This test is part of the Quarterly Vulnerability Scan control that ensures your company engages with a third-party to conduct vulnerability scans of the production environment as dictated by company policy and compliance requirements. This control also requires that scan results are reviewed by management with high-priority findings being tracked to resolution.
What to do if the test fails
When the test fails, address your open high vulnerabilities by either remediating them in listed connections or excluding them in the test result drawer.