Skip to main content
Vulnerabilities

Centralizes vulnerability tracking place, allowing you to filter, prioritize, and address issues based on severity and SLAs.

Updated over a month ago

The Vulnerabilities page provides a clear overview of all vulnerabilities, allowing you to prioritize and address critical issues based on severity. Connect your vulnerabilities management tools to Drata so that you can easily view all of your vulnerabilities in one central place, automatically track SLA due dates, and receive the latest status of your vulnerabilities. You can also customize the frequency of notifications and reminders for missed or upcoming SLAs to stay informed.

Prerequisite

After a successful connection, select the View Findings button on the active connection card or go directly to the Vulnerabilities page through the left navigation menu to view your vulnerabilities.

Vulnerabilities page overview

To access the Vulnerabilities page, select Vulnerabilities from the left-side navigation menu. This page allows you to easily track and manage security vulnerabilities based on the connections you’ve set up. Ensure that the connections are the ones listed previously.

At the top of the page, use the filter option to view vulnerabilities specific to your connections. You can also search by vulnerability ID, due date, severity, and fix availability.

For more detailed information about a vulnerability, select the vulnerability to open the a drawer, where you’ll find key details like CVSS scores and platform-specific metadata. Scroll down to find the desired information.

To refresh select the Resync button which allows you to refresh existing vulnerability data. To export vulnerability reports, whether filtered or complete, select the Download button.

Define SLA and warning period

  1. Navigate to the Vulnerabilities page.

  2. Select the settings icon () on the top right corner of the Vulnerabilities page. The SLA Settings drawer will open.

  3. View your SLAs and select the edit icon to update any of these configurations.

    • You can adjust the SLA settings for each severity level. Drata will calculate the due dates for each vulnerability and display the dates in the SLA Due Date column on the Vulnerabilities page.

    • If you have a Vulnerability Management Policy, Drata will use the SLAs from that policy. If not, default SLAs will be applied automatically.

      • The default SLAs are:

        • Critical: 7 days

        • High: 30 days

        • Medium: 90 days

        • Low: 180 days

  4. Scroll down to the Warning period section and select a time period, This defines when notifications are sent to you regarding upcoming vulnerabilities.

    • For example, if you select 7 days as your warning period, for each vulnerability, you will get notified 7 days before the upcoming SLA due date.

Schedule vulnerability email notifications

  1. Go to your settings. Under My Settings sections, select Notifications.

  2. Scroll down to Reminders for vulnerabilities with missed or upcoming SLAs and enable this option to receive a summary of critical and high-severity vulnerabilities, including their due dates. The summary will also include details about due dates.

    • Select how often you would like to receive these notifications.

Monitoring tests

There are 2 new monitoring tests for each provider that you connect:

Did this answer your question?