Overview
Kandji’s Vulnerability Management feature scans your entire fleet for known vulnerabilities (CVEs) based on data from the National Vulnerability Database (NVD), providing a clear, organized way to monitor and respond to vulnerabilities across your fleet. By using the different views—Vulnerability, Application, and Devices—you can quickly assess which threats need immediate attention and act accordingly.
Defining Vulnerabilities
Vulnerability Management identifies any known vulnerabilities (CVEs) within your fleet, leveraging information from the National Vulnerability Database (NVD). From the Vulnerabilities page in the Kandji Web App, you can view all relevant CVEs for specific applications.
Vulnerabilities View
The Vulnerability View provides a complete list of all detected CVEs across your fleet. You can search for specific vulnerabilities by:
CVE ID
Application
Criticality level
Last detected date
These filters help you prioritize what needs attention first based on the severity and timing of the vulnerabilities.
CVE Information
When you select a CVE, a detailed slideout will appear, giving you an in-depth look at:
The vulnerability's description
Impacted applications
Severity level
Links to official CVE reports for more information
This information helps you understand the scope of the threat and its potential impact on your devices.
CVSS Score
The Common Vulnerability Scoring System (CVSS) is a method for calculating a qualitative measure of severity. Kandji Vulnerability Management utilizes the CVSS score to prioritize vulnerabilities and measure the severity of the vulnerability.
The National Institute of Standards and Technology (NIST) maintains the National Vulnerability Database (NVD), which provides CVSS enrichment for all published CVE records.
KEV Score
The Cybersecurity Infrastructure Security Agency (CISA) maintains the authoritative source of vulnerabilities that have been exploited in the wild. Kandji Vulnerability Management utilizes the Known Exploited Vulnerabilities (KEV) catalog to prioritize vulnerabilities.
Application View
In the Application View, you can see all the applications affected by a particular CVE. This allows you to focus your remediation efforts on the software that’s most at risk.
Report Inaccuracy
If there are any issues with a CVE, click the Report Inaccuracy button.
Select an issue from the drop-down.
Optionally, enter a description of the issue.
Click the Report button to complete the report.
Application Directories
Vulnerability Management scans the following directories for Applications (.app files only):
/Applications
/Library
/Users
Update Frequency
Device App Inventory: Every 15 minutes
App Vulnerability Matching: Hourly
Vulnerability CVE Database: Hourly
Devices View
The Devices View shows you which devices are impacted by the CVE. You can filter this view by Blueprint, which makes it easier to pinpoint affected devices within specific configurations or groups.
Device Details
For each affected device, you’ll see additional details to help you take action, including:
Threat ID: The unique SHA-256 hash of the detected threat.
Process: The most recent process associated with the threat.
Classification: The type of threat (e.g., malware, phishing).
Detection Date: When the threat was first identified.
Devices: The number of impacted Mac devices.
Threat Status: The current state of the threat—whether it’s quarantined, resolved, or still active.
Click the arrow to expand Device Details.
You can click the open Device Record button for the full details.
You can view information such as the path of the related application as well as version information.