Overview
The Active Vulnerabilities page in Nucleus is the command center for identifying, analyzing, and prioritizing open risks in your environment. It is designed to give security teams a real-time and historical snapshot of all vulnerability instances that have not yet been resolved, providing a critical foundation for effective remediation, reporting, and risk reduction.
This page is used by nearly every Nucleus customer on a daily basis. It serves as both the investigative workspace for security practitioners and the detailed list behind reporting, used to communicate the risk of individual vulnerabilities across the business.
Why It Matters
Security teams are often flooded with thousands, or millions, of vulnerability findings. The Active Vulnerabilities page helps teams cut through the noise by offering:
Out-of-the-box Prioritization: This view gives you the default Nucleus prioritization of vulnerabilities in your environment. You can immediately see a sorted list of what to work on, which can be distributed to every member of your team, or you can customize how the prioritization works using our Automation.
Powerful Filtering and Search Tools: Query builder access lets users target vulnerabilities by status, severity, asset groups, due dates, exploitability, and more. This enables teams to find high-priority risks fast, or explore long-tail issues for cleanup.
Operational Awareness: By exposing both new and long-standing vulnerabilities, it supports daily triage, SLA monitoring, and campaign-based remediation.
Source of Truth for External Processes: Most ticketing automations, exception workflows, and risk reporting originate from filtered views on this page.
Vulnerability Intelligence Enrichment: This page automatically correlates instances of vulnerabilities with Nucleus’ vulnerability intelligence feed, Nucleus Threat Data.
Understanding the Active Vulnerabilities Dashboard
The Active Vulnerabilities page is designed to be the central hub and source of truth for your vulnerability data, and it supports many use cases, such as:
Triage and Prioritization: Filter for new or critical vulnerabilities to build daily remediation queues.
Threat-Informed Defense: Quickly locate vulnerabilities known to be exploited in the wild using integrated threat intelligence indicators.
Ticket Creation and Tracking: Link filtered results directly to ticketing rules for hands-free escalation and tracking.
Reporting and SLA Monitoring: Export filtered views for executive reports or use metrics widgets to track compliance with remediation SLAs.
Main Components:
Vulnerabilities List: Displays all the vulnerabilities you currently have open in your organization, grouped by the scanning tool that found them + the vuln ID from the scanner + all the assets affected by the vulnerability. The Vuln List also provides various metrics related to those vulnerabilities.
Quick Filter Cards: Provides metrics on common filter applications, such as Severity = Critical, as well as threat intelligence attributes such as “Is this vulnerability being used by malware?”
Search: Lets you search for specific vulnerabilities by name.
Filter: Allows you to filter the list to the vulnerabilities you care about, using Asset, Vulnerability, or Threat Intel fields. This can include fields such as “Asset Group = External” or “Severity = Critical”. You can combine multiple filter attributes into one filter.
Reports: Allows you to create reports to send to external locations filtered down to the view you have in your console.
Modify: Allows users to bulk modify vulnerabilities at scale, such as due dates, severities (to recast risk), and more.
Add Finding: Allows users to add custom findings to Nucleus manually, supporting any of the Custom Findings Types. You can also use the Assessments module.
Manage Columns: Set up your view to be exactly what fields you want to track on this page every time you navigate to it.
Columns:
Pin: Allows users to pin specific vulnerabilities to the top of the list. This overrides any prioritization or sorting used on this page until the vulnerability is un-pinned. Useful for tracking celebrity vulnerabilities.
Severities: The number of instances of a vulnerability inside this vulnerability group, broken down by severity rating. Useful for evaluating overall risk of a specific vulnerability found by a scanner.
Risk: Only available to Mandiant subscribers. This is the risk rating score of Mandiant for this vulnerability, as correlated by Nucleus.
Name: The name of the vulnerability from the upstream scanner.
Threat: [Deprecated] These are the threat intel attributes for this vulnerability as determined by Nucleus.
CVSS: This is the calculated CVSS score for the vulnerability based on your project settings. Default behavior is to use CVSSv3.
CVEs: This is the number of CVEs that affect this one vulnerability. Hovering over this will tell you which ones. You can also click on the vulnerability and navigate to the Vulnerability Intelligence tab to see more CVE-specific information.
Source: This is the scanner, or other method of discovering this vulnerability.
Discovered: The first time any of the Active instances of this vulnerability were seen by an upstream scanning tool.
Last Seen: The most recent time any of the Active instances of this vulnerability were seen by an upstream scanning tool.
Count: The number of times this one vulnerability is present in your environment.
Status: An aggregated list of all the workflow states any of the instances of this vulnerability are in within your environment. A single status means that all instances are in that status.
Action: Reflects whether or not External Tickets, Due Dates, and comments have been set on this vulnerability.
RF Score: Only available to users who connect their Recorded Future license to Nucleus. This reflects the Recorded Future risk score for a vulnerability.
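To make the roll-up behind the Severities, Discovered, Last Seen, Count, Status and Pin columns concrete, the following added example (not Nucleus code, and not based on a Nucleus export or API) groups constructed instance records by scanner and scanner vuln ID. The field names, status labels and the fallback sort order are assumptions made for illustration only.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample instances; field names and status labels are hypothetical.
INSTANCES = [
    {"source": "ScannerA", "vuln_id": "A-1001", "asset": "web01", "severity": "Critical",
     "first_seen": date(2024, 1, 5), "last_seen": date(2024, 3, 1), "status": "Open"},
    {"source": "ScannerA", "vuln_id": "A-1001", "asset": "web02", "severity": "High",
     "first_seen": date(2024, 2, 10), "last_seen": date(2024, 3, 4), "status": "In Progress"},
    {"source": "ScannerA", "vuln_id": "A-2002", "asset": "db01", "severity": "Critical",
     "first_seen": date(2024, 2, 20), "last_seen": date(2024, 3, 2), "status": "Open"},
    {"source": "ScannerA", "vuln_id": "A-2002", "asset": "db02", "severity": "Critical",
     "first_seen": date(2024, 2, 21), "last_seen": date(2024, 3, 3), "status": "Open"},
    {"source": "ScannerB", "vuln_id": "B-77", "asset": "web01", "severity": "Low",
     "first_seen": date(2023, 11, 1), "last_seen": date(2024, 3, 4), "status": "Open"},
]


def group_instances(instances, pinned=frozenset()):
    """Roll instance records up into one row per (source, vuln_id) group."""
    groups = defaultdict(list)
    for inst in instances:
        groups[(inst["source"], inst["vuln_id"])].append(inst)

    rows = []
    for (source, vuln_id), members in groups.items():
        rows.append({
            "source": source,
            "vuln_id": vuln_id,
            "pinned": (source, vuln_id) in pinned,
            # Severities: instance count per severity rating within the group
            "severities": dict(Counter(m["severity"] for m in members)),
            # Discovered / Last Seen: earliest and latest sighting of any instance
            "discovered": min(m["first_seen"] for m in members),
            "last_seen": max(m["last_seen"] for m in members),
            "count": len(members),
            # Status: every workflow state present; one entry means all agree
            "status": sorted({m["status"] for m in members}),
            "assets": sorted({m["asset"] for m in members}),
        })

    # Pinned groups always come first. The remaining order is an assumed
    # stand-in (most Critical instances, then count), not Nucleus's own ranking.
    rows.sort(key=lambda r: (not r["pinned"],
                             -r["severities"].get("Critical", 0), -r["count"]))
    return rows
```

Calling group_instances(INSTANCES, pinned={("ScannerB", "B-77")}) moves the Low-severity group to the top regardless of the sort, which is the override the Pin column describes.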
How to Filter Vulnerabilities
To effectively filter vulnerabilities on the Active Vulnerabilities page:
1. Use the Filter:
- Click the filter button at the top of the table.
2. Search for Exploited Findings using Insights:
3. Save and Monitor Filters:
- Click the Save Search icon to reuse filters regularly.
- Use the Monitor icon to trigger alerts when new matching vulnerabilities are discovered.
How to Generate a Report
Nucleus supports exporting filtered vulnerability views to share with stakeholders:
1. Apply Filters:
- Ensure your filters reflect the desired scope (e.g., critical vulns in a specific asset group).
2. Export Options:
- Click the Reports button at the top-left of the vulnerability table.