Vulnerability Management Overview

Kandji’s Vulnerability Management feature scans your entire fleet for known vulnerabilities (CVEs) based on data from the National Vulnerability Database (NVD), providing a clear, organized way to monitor and respond to vulnerabilities across your fleet. By using the different views—Vulnerability, Application, and Devices—you can quickly assess which threats need immediate attention and act accordingly.

From the Vulnerabilities page in the Kandji Web App, you can view all relevant CVEs for specific applications.

The Vulnerability View provides a complete list of all detected CVEs across your fleet. You can search for specific vulnerabilities by:

  • CVE ID

  • Application

  • Criticality level

  • Last detected date

These filters help you prioritize what needs attention first based on the severity and timing of the vulnerabilities.

When you select a CVE, a detailed slideout will appear, giving you an in-depth look at:

  • The vulnerability's description

  • Impacted applications

  • Severity level

  • Links to official CVE reports for more information

This information helps you understand the scope of the threat and its potential impact on your devices.

The Common Vulnerability Scoring System (CVSS) is a method for calculating a qualitative measure of severity. Kandji Vulnerability Management uses the CVSS score to measure the severity of each vulnerability and to prioritize vulnerabilities.

The National Institute of Standards and Technology (NIST) maintains the National Vulnerability Database (NVD), which provides CVSS enrichment for all published CVE records.

The Cybersecurity and Infrastructure Security Agency (CISA) maintains the Known Exploited Vulnerabilities (KEV) catalog, the authoritative source of vulnerabilities that have been exploited in the wild. Kandji Vulnerability Management uses the KEV catalog to prioritize vulnerabilities.
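One way to combine the two signals described above when triaging a list of findings, as an added example that is not Kandji's code or its actual ranking logic. The findings format, the placeholder CVE IDs, the KEV excerpt (constructed in the shape of CISA's JSON feed) and the rule that unscored CVEs sort as worst case are all assumptions.

```python
import json

# Constructed excerpt in the shape of CISA's KEV JSON feed (placeholder CVE IDs).
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0002", "dateAdded": "2024-01-15"},
    {"cveID": "CVE-0000-0004", "dateAdded": "2024-03-02"},
]})

# Constructed findings, one row per detected CVE (hypothetical export format).
FINDINGS = [
    {"cve": "CVE-0000-0001", "app": "ExampleEditor", "cvss": 9.8, "devices": 3},
    {"cve": "CVE-0000-0002", "app": "ExampleBrowser", "cvss": 6.5, "devices": 41},
    {"cve": "CVE-0000-0003", "app": "ExampleChat", "cvss": None, "devices": 7},
    {"cve": "CVE-0000-0004", "app": "ExampleVPN", "cvss": 8.1, "devices": 12},
    {"cve": "CVE-0000-0005", "app": "ExampleEditor", "cvss": 3.1, "devices": 3},
]

def severity(score):
    """Map a CVSS v3.x base score to its qualitative rating."""
    if score is None:
        return "Unscored"  # no CVSS enrichment available yet
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "None"
    for upper, label in ((4.0, "Low"), (7.0, "Medium"), (9.0, "High")):
        if score < upper:
            return label
    return "Critical"

def triage(findings, kev_json):
    """Rank findings: KEV-listed first, then CVSS descending, then device count."""
    kev = {v["cveID"] for v in json.loads(kev_json)["vulnerabilities"]}
    rows = [{**f, "kev": f["cve"] in kev, "severity": severity(f["cvss"])}
            for f in findings]
    # Assumed policy: an unscored CVE sorts as 10.0 so it is reviewed, not buried.
    def key(r):
        score = 10.0 if r["cvss"] is None else r["cvss"]
        return (not r["kev"], -score, -r["devices"])
    return sorted(rows, key=key)

if __name__ == "__main__":
    for r in triage(FINDINGS, KEV_FEED):
        flag = "KEV" if r["kev"] else "   "
        print(f'{flag} {r["cve"]} {r["severity"]:<8} {r["app"]} ({r["devices"]} devices)')
```

A KEV-listed Medium outranks a non-listed Critical here because evidence of exploitation in the wild is weighted above the base score.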

In the Application View, you can see all the applications affected by a particular CVE. This allows you to focus your remediation efforts on the software that’s most at risk.

  1. If there are any issues with a CVE, click the Report Inaccuracy button.

  2. Select an issue from the drop-down.

  3. Optionally, enter a description of the issue.

  4. Click the Report button to complete the report.

Vulnerability Management scans the following directories for Applications (.app files only):

  • /Applications

  • /Library

  • /Users

Device App Inventory: Every 15 minutes

App Vulnerability Matching: Hourly

Vulnerability CVE Database: Hourly

The Devices View shows you which devices are impacted by the CVE. You can filter this view by Blueprint, which makes it easier to pinpoint affected devices within specific configurations or groups.

For each affected device, you’ll see additional details to help you take action, including:

  • Threat ID: The unique SHA-256 hash of the detected threat.

  • Process: The most recent process associated with the threat.

  • Classification: The type of threat (e.g., malware, phishing).

  • Detection Date: When the threat was first identified.

  • Devices: The number of impacted Mac devices.

  • Threat Status: The current state of the threat—whether it’s quarantined, resolved, or still active.

  1. Click the arrow to expand Device Details.

  2. You can click the open Device Record button for the full details.

  3. You can view information such as the path of the related application as well as version information.