Vulnerabilities
The Vulnerabilities section provides automated vulnerability detection across your fleet. TridentStack Control correlates installed software and system update status against known CVE databases to identify exposed endpoints.
How Vulnerability Detection Works
TridentStack Control continuously evaluates your fleet for known vulnerabilities by combining data from your agents with external CVE databases.
The process is fully automated. Each time an agent checks in and reports its software inventory and installed updates, the server re-evaluates that agent's vulnerability exposure. No manual scans are required.
Navigating the Vulnerabilities Page
The Vulnerabilities page is organized into five tabs, each providing a different perspective on your fleet's security posture.
All
A flat list of every detected vulnerability across all agents. Each row represents a unique CVE found on one or more endpoints.
You can sort and filter by:
- Severity (Critical, High, Medium, Low)
- CVE ID
- Affected agents count
- Discovery date
This view is useful when you need to find a specific CVE or want to see the complete picture of your exposure.
Overview
A high-level summary of your fleet's vulnerability status. This tab includes:
- Severity breakdown: How many vulnerabilities fall into each severity category (critical, high, medium, low)
- Trend charts: Visualize how your vulnerability count changes over time
- Top vulnerable endpoints: Quickly identify which agents have the most exposure
Review the Overview tab regularly to track your fleet's vulnerability trend. A downward trend means your patching strategy is working.
By Agent
View vulnerabilities grouped by endpoint. This tab answers the question: "Which of my machines are most at risk?"
Each row shows an agent with its total vulnerability count and severity breakdown. Click any agent to drill into its individual vulnerability list, where you can see every CVE affecting that endpoint.
History
Track vulnerability discovery and remediation over time. The History tab shows:
- When each CVE was first detected in your environment
- When vulnerabilities were resolved (the missing patch was installed)
- Trends in time-to-remediation
This view is particularly useful for audit and reporting purposes, where you need to demonstrate that vulnerabilities are being addressed within defined SLAs.
Exceptions
Manage vulnerability exceptions from this tab. Exceptions suppress specific CVEs from reports and dashboards when you have determined they are not applicable or have mitigating controls in place.
See Creating Exceptions below for details.
Severity Levels
TridentStack Control uses the industry-standard CVSS (Common Vulnerability Scoring System) to categorize vulnerability severity:
| Severity | CVSS Score Range | Description |
|---|---|---|
| Critical | 9.0 - 10.0 | Exploitation is straightforward and leads to full system compromise. Patch immediately. |
| High | 7.0 - 8.9 | Significant risk of exploitation or impact. Patch within your defined SLA. |
| Medium | 4.0 - 6.9 | Moderate risk, typically requiring specific conditions for exploitation. |
| Low | 0.1 - 3.9 | Limited risk or impact. Address during routine maintenance windows. |
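As an added example (not TridentStack Control code or output), the following Python applies the severity bands in the table above to History-style records (first detected, resolved) and checks time-to-remediation against an SLA. The record fields, CVE IDs, agent names and SLA day counts are assumptions made for illustration.

```python
from datetime import date

# Severity bands from the table above: (lower bound, label), highest first.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]

# Assumed remediation SLAs in days; set these from your own policy.
SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180}


def severity(cvss):
    """Map a CVSS score to the severity label used in the table."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    for lower, label in BANDS:
        if cvss >= lower:
            return label
    return "None"  # 0.0 falls below every band in the table


def sla_report(history, today):
    """Return (cve, agent, severity, days_open, status) for each record."""
    rows = []
    for rec in history:
        sev = severity(rec["cvss"])
        # An unresolved record (resolved=None) is aged against `today`.
        end = rec["resolved"] or today
        days = (end - rec["first_detected"]).days
        if days > SLA_DAYS.get(sev, float("inf")):
            status = "breached"
        else:
            status = "open" if rec["resolved"] is None else "met"
        rows.append((rec["cve"], rec["agent"], sev, days, status))
    return rows


# Constructed sample records; CVE IDs and agent names are placeholders.
HISTORY = [
    {"cve": "CVE-0000-0001", "agent": "ws-01", "cvss": 9.8,
     "first_detected": date(2024, 3, 1), "resolved": date(2024, 3, 5)},
    {"cve": "CVE-0000-0002", "agent": "ws-02", "cvss": 7.5,
     "first_detected": date(2024, 1, 10), "resolved": date(2024, 3, 1)},
    {"cve": "CVE-0000-0003", "agent": "srv-01", "cvss": 5.3,
     "first_detected": date(2024, 3, 20), "resolved": None},
]

if __name__ == "__main__":
    for row in sla_report(HISTORY, today=date(2024, 4, 1)):
        print(*row, sep="\t")
```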
CVE Detail Page
Click any CVE ID to open its detail page. The detail page provides:
- Description: What the vulnerability is and how it can be exploited
- CVSS score: The numeric score and severity rating
- Affected products: Which software or OS components are vulnerable
- Exposed agents: A list of every agent in your fleet that is affected
- Remediation guidance: Which KB articles (patches) resolve the vulnerability
- External references: Direct links to the NVD (National Vulnerability Database) entry and vendor advisories
The remediation guidance is the critical piece: it tells you exactly which patch to deploy to eliminate the vulnerability.
Creating Exceptions
If a CVE is not applicable to your environment, you can create an exception to suppress it from reports. Common reasons for exceptions include:
- The vulnerable feature or component is disabled on your endpoints
- A compensating control is in place (e.g., network segmentation, firewall rules)
- The vulnerability applies to a software version you do not run
- A vendor has confirmed the vulnerability does not affect your configuration
To create an exception:
1. Navigate to the CVE detail page or the Exceptions tab.
2. Click Create Exception.
3. Select the scope: fleet-wide or specific agents.
4. Enter a justification note explaining why the exception is warranted.
5. Optionally set an expiration date, after which the CVE will reappear in reports.
6. Click Save.
Vulnerability exceptions hide CVEs from reports but do not eliminate the risk. Only create exceptions when you have verified that a compensating control is in place.
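The following added example (not TridentStack Control code) models how scoped, expiring exceptions split findings into reported and suppressed sets, and lists the exceptions that should be re-verified. The field names, the treatment of the expiration date as inclusive, and the sample CVE IDs and agent names are assumptions.

```python
from datetime import date

# Constructed sample data; field names model the form fields described above
# (scope, justification, expiration) and are not a TridentStack export format.
FINDINGS = [
    ("CVE-0000-0001", "ws-01"), ("CVE-0000-0001", "srv-01"),
    ("CVE-0000-0002", "ws-01"), ("CVE-0000-0003", "srv-01"),
]
EXCEPTIONS = [
    {"cve": "CVE-0000-0001", "agents": ["ws-01"], "expires": None,
     "justification": "Vulnerable component disabled on this endpoint"},
    {"cve": "CVE-0000-0002", "agents": None, "expires": date(2024, 3, 31),
     "justification": "Isolated by network segmentation"},
    {"cve": "CVE-0000-0003", "agents": None, "expires": date(2024, 12, 31),
     "justification": ""},
]


def is_active(exc, today):
    """Assumed: applies through its expiration date; None never expires."""
    return exc["expires"] is None or today <= exc["expires"]


def covers(exc, cve, agent):
    """agents=None models fleet-wide scope; a list models specific agents."""
    return exc["cve"] == cve and (exc["agents"] is None or agent in exc["agents"])


def split_findings(findings, exceptions, today):
    """Return (reported, suppressed) findings as of `today`."""
    live = [e for e in exceptions if is_active(e, today)]
    reported, suppressed = [], []
    for cve, agent in findings:
        hit = any(covers(e, cve, agent) for e in live)
        (suppressed if hit else reported).append((cve, agent))
    return reported, suppressed


def review_queue(exceptions, today):
    """Exceptions to re-verify: expired, never expiring, or unjustified."""
    queue = []
    for e in exceptions:
        if not is_active(e, today):
            queue.append((e["cve"], "expired"))
        elif e["expires"] is None:
            queue.append((e["cve"], "no expiration"))
        elif not e["justification"].strip():
            queue.append((e["cve"], "no justification"))
    return queue
```

Calling `split_findings(FINDINGS, EXCEPTIONS, date(2024, 4, 15))` shows the second CVE back in the reported set once its exception has expired, while the agent-scoped exception hides the first CVE only on the one agent it names.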
Remediation
The fastest way to remediate vulnerabilities is to deploy the missing patches through your update policies.
The recommended workflow:
1. Review the Overview tab to identify your highest-severity vulnerabilities.
2. Open the CVE detail page for a critical or high-severity CVE.
3. Note the KB article listed in the remediation guidance.
4. Navigate to your Update Policies and verify the relevant KB is approved for deployment.
5. If the KB is not yet approved, add it to the appropriate policy.
6. Agents will install the patch on their next maintenance window.
After the patch is installed, the vulnerability is automatically marked as resolved during the agent's next check-in. No manual intervention is needed to clear remediated CVEs.