---
title: "Step 2 - Explore Findings & Dashboards"
slug: "step2"
tags: ["connectors", "custom asset uploads", "custom scan files", "data ingest", "importing data", "projects"]
updated: 2025-12-01T13:16:46Z
published: 2025-12-01T13:16:46Z
stale: true
---


# Step 2 - Explore Findings & Dashboards

Welcome to the next step in operationalizing your Nucleus environment. Now that you’ve ingested data into the platform, it’s time to put that data to work.

## Why This Step Matters

At this stage, you're moving from *data ingestion* to *data orientation*. This means understanding what you’ve ingested, how complete or useful that data is, and how to start identifying real risk. This is the cornerstone of the Normalize and Enrich stages in the Nucleus Vulnerability Management Maturity Model.

## Exploration

### Use the Active Vulnerabilities Page for Initial Exploration

The **Active Vulnerabilities Page** is the core, asset-aware findings view in Nucleus. It lists every **discovered, de-duplicated, and currently active finding instance** across all integrated scanners and sources. Each row represents a [unique finding](https://help.nucleussec.com/docs/findings-and-their-properties) across all affected assets, combining data from the source scan with enrichment from Nucleus.

#### What It Shows

Each row on this page represents a *unique vulnerability instance* tied to a specific asset, scan type, and timestamp. This is where risk is *real*—not just theoretical.

#### Why It Matters

- **This is where most remediation starts.** If a team is going to fix something, it’s almost always going to originate here.
- **Risk is contextualized.** You can filter by risk score, exploitability, asset criticality, ownership, SLA status, and more.
- **It's enriched.** Each finding is enriched with threat intel, business context, and metadata from all upstream sources, including from the proprietary [Nucleus Insights & Threat Rating](/v1/docs/insights) Vuln Intel feed.

#### To get to the Active Vulnerabilities page

Even before configuring SLAs, rules, or automations, your team can gain critical insight by:

- Navigating to **Vulnerabilities > Active Vulnerabilities**
- Applying **Filters** to home in on findings with real impact (these are items being actively exploited, and it is common to start here):
  - `nucleus_exploited = true`
  - `nucleus_risk_score >= 500`
  - `asset_criticality = high`
- Using the **Column Configurator** to tailor your view (e.g., add Nucleus Risk Score, Exploitability, Tags)

![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/explore1.gif)

This page is the best place to triage incoming data and begin creating ticketing packages, assigning ownership, or measuring SLAs.

### Next: use the CVEs Page

The **CVEs Page** in the Nucleus console is a **cross-project inventory** of all known CVE-based vulnerabilities that have been discovered in your environment. It aggregates CVEs across scan sources, normalizes them, and provides a single-pane-of-glass to explore:

- The number of findings linked to each CVE
- Enrichment details like exploitability (EPSS, KEV, Mandiant, GreyNoise)
- CVSS base and temporal scores
- Presence of available remediations or patches

#### Why It Matters

- **Find CVEs affecting multiple systems:** Quickly identify widespread risk across tools and teams.
- **Validate your coverage:** If a trending CVE is missing here, it likely means you’re not scanning for it.
- **Prioritize across silos:** CVEs help centralize triage across AppSec, Infra, and Cloud by providing a universal ID.

#### Suggested Use Cases

- Filtering by `nucleus_exploited = true` to quickly surface weaponized vulns
- Clicking into a CVE to view all affected assets and vulnerability instances
- Using filters to target `cisa_kev = true AND finding_count > 0` for compliance-driven action

![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image(490).png)

This page is a **threat-informed, asset-aware** jumping-off point that supports both security analysts and vulnerability managers.
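The triage filters from the Active Vulnerabilities section and the CVE-level checks above can be reproduced offline against exported findings. The following is an added example, not Nucleus code: the CSV layout, the sample rows, the placeholder CVE IDs, and the choice to combine the three filters with AND are assumptions; only the field names come from the filters on this page.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names reuse the filter fields named on this
# page; the CSV layout is an assumption, not a documented Nucleus export format.
SAMPLE_EXPORT = """\
asset,cve,nucleus_exploited,nucleus_risk_score,asset_criticality,cisa_kev
web-01,CVE-0000-0001,true,820,high,true
web-02,CVE-0000-0001,true,640,medium,true
db-01,CVE-0000-0002,false,910,high,false
app-03,CVE-0000-0003,true,480,high,false
app-04,CVE-0000-0001,true,700,high,true
"""

def load_findings(text):
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        for flag in ("nucleus_exploited", "cisa_kev"):
            r[flag] = r[flag].strip().lower() == "true"
        r["nucleus_risk_score"] = int(r["nucleus_risk_score"])
    return rows

def initial_triage(findings, min_score=500):
    """nucleus_exploited = true, nucleus_risk_score >= 500, asset_criticality = high."""
    return [f for f in findings
            if f["nucleus_exploited"]
            and f["nucleus_risk_score"] >= min_score
            and f["asset_criticality"].lower() == "high"]

def cve_rollup(findings):
    """Per-CVE view: finding count, affected assets, KEV flag."""
    view = defaultdict(lambda: {"finding_count": 0, "assets": set(), "cisa_kev": False})
    for f in findings:
        entry = view[f["cve"]]
        entry["finding_count"] += 1
        entry["assets"].add(f["asset"])
        entry["cisa_kev"] = entry["cisa_kev"] or f["cisa_kev"]
    return dict(view)

def kev_with_findings(rollup):
    """cisa_kev = true AND finding_count > 0."""
    return sorted(c for c, e in rollup.items() if e["cisa_kev"] and e["finding_count"] > 0)

def coverage_gaps(rollup, watchlist):
    """Watchlist CVEs with no findings: a hint that nothing is scanning for them."""
    return sorted(set(watchlist) - set(rollup))

if __name__ == "__main__":
    findings = load_findings(SAMPLE_EXPORT)
    print([f["asset"] for f in initial_triage(findings)])
    print(coverage_gaps(cve_rollup(findings), ["CVE-0000-0001", "CVE-0000-0009"]))
```

A CVE returned by `coverage_gaps` is not proof of safety; it means no ingested source reported it, which is the coverage question raised under "Validate your coverage".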

## Leverage Built-In & Custom Dashboards

Dashboards provide curated views of your risk posture and help stakeholders make decisions. Start with:

### 1. **Operations Overview Dashboard**

This dashboard helps identify visibility gaps and risk surface. Key metrics include:

- Asset ingestion volume
- Vulnerability counts
- Threat intelligence enrichment stats from [Nucleus Insights](/v1/docs/insights)

Use this to baseline how much risk data you’ve collected, and what’s missing.

![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image(533).png)

### 2. Executive **Trends Page**

The Trends view helps you monitor:

- Dwell time
- Vulnerability remediation velocity
- Trends in discovered vs. resolved findings

You can now filter Trends by **severity, exploitability, source, and discovery date**.

![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image(483).png)

### 3. **Custom Dashboards**

Available under **Analyze > Dashboards**, these dashboards allow you to build tailored views for your specific stakeholders. Examples include:

- SLA performance by business unit
- Open findings by team or tag
- Project-specific KPIs (e.g., FedRAMP posture, internal audit tracking)

Use these dashboards to drive **risk ownership and accountability** across engineering and application teams.

Example dashboard:

![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image(482).png)

### 4. **Executive Metrics Page**

This is your executive-ready metric-creator for business-aligned reporting. It allows you to compare cross-correlated metrics across asset groups:

- Risk Score trends across time
- SLA and due date compliance by team
- Business unit comparisons

Use this for board reporting, governance meetings, and quarterly security reviews. These metrics can also be used when building the custom dashboards described above.

### 5. **Asset Management Page**

While not a dashboard in the traditional sense, this is a powerful filtering and grouping tool. You can:

- Filter assets by metadata (e.g., tags, ownership, criticality, cloud provider)
- Sort by number of findings, active threats, or last seen date
- Group assets into business units or technology tiers

Use this to explore your attack surface and ensure asset coverage is complete and actionable.

---

📊 Your in-app checklist will guide you to filter, triage, and save views.

🔗[Nucleus Threat Intelligence](https://help.nucleussec.com/docs/overview-of-nucleus-threat-data)

🔗[Explore the Help Center](https://help.nucleussec.com/docs)

> [!NOTE]
> Next Step
> 
> Let’s start prioritizing our work: [Step 3 - Prioritize](/v1/docs/explore)

Need a hand? Let us know. We're happy to assist.

— The Nucleus Team ([support@nucleussec.com](mailto:support@nucleussec.com))

## Related

- [Projects & Asset Group Structure](/projects-and-asset-group-structure.md)
- [Data Ingestion](/data-ingestion.md)
- [Custom Asset Upload](/custom-asset-csv.md)
- [Step 1 - Let's get started](/create.md)
- [Step 3 - Prioritize](/prioritize.md)
