Skill UI

This workflow guides SOC teams in establishing a comprehensive, structured process for vulnerability management. It utilizes major scanning tools (Nessus, Qualys, OpenVAS) to discover, prioritize, and track remediation of security weaknesses across the infrastructure. It integrates threat intelligence (CISA KEV) and asset criticality into risk scoring, ensuring resources are focused on the most critical threats.

This skill implements a sophisticated risk-based prioritization engine by combining three critical data sources: the CISA Known Exploited Vulnerabilities (KEV) catalog, the Exploit Prediction Scoring System (EPSS), and traditional CVSS scores. It allows security teams to move beyond simple severity ratings, focusing remediation efforts on vulnerabilities confirmed to be actively exploited in the wild or predicted to be highly exploitable. The workflow integrates fetching, enriching, and scoring vulnerabilities to generate an actionable remediation plan with defined SLAs.

This skill provides a comprehensive guide to the Common Vulnerability Scoring System (CVSS v4.0), the industry standard for assessing vulnerability severity. It teaches users how to calculate CVSS scores using Base, Threat, and Environmental metrics, and crucially, how to integrate real-world context like EPSS scores and CISA KEV listings for advanced, actionable risk prioritization in security operations.

This tool implements the Stakeholder-Specific Vulnerability Categorization (SSVC) framework, providing a structured decision-tree methodology for advanced vulnerability prioritization. It moves beyond traditional CVSS scoring by incorporating critical factors such as active exploitation status (CISA KEV), technical impact, automatability, and mission prevalence. It generates actionable remediation priorities (Track, Attend, Act) to guide security teams in managing risk and improving security program maturity.