Vulnerability Management Overview

  • CJ
  • EF

Overview

Kandji’s Vulnerability Management feature scans your entire fleet for known vulnerabilities (CVEs) based on data from the National Vulnerability Database (NVD), providing a clear, organized way to monitor and respond to vulnerabilities across your fleet. By using the different views—Vulnerability, Application, and Devices—you can quickly assess which threats need immediate attention and act accordingly.

Defining Vulnerabilities

Vulnerability Managementt identifies any known vulnerabilities (CVEs) within your fleet, leveraging information from the National Vulnerability Database (NVD). From the Vulnerabilities page in the Kandji Web App, you can view all relevant CVEs for specific applications.

Vulnerability View

The Vulnerability View provides a complete list of all detected CVEs across your fleet. You can search for specific vulnerabilities by:

  • CVE ID

  • Application

  • Criticality level

  • Last detected date

These filters help you prioritize what needs attention first based on the severity and timing of the vulnerabilities.

CVE Information

When you select a CVE, a detailed slideout will appear, giving you an in-depth look at:

  • The vulnerability's description

  • Impacted applications

  • Severity level

  • Links to official CVE reports for more information

This information helps you understand the scope of the threat and its potential impact on your devices.

Application View

In the Application View, you can see all the applications affected by a particular CVE. This allows you to focus your remediation efforts on the software that’s most at risk.

Devices View

The Devices View shows you which devices are impacted by the CVE. You can filter this view by Blueprint, which makes it easier to pinpoint affected devices within specific configurations or groups.

Device Details

For each affected device, you’ll see additional details to help you take action, including:

  • Threat ID: The unique SHA-256 hash of the detected threat.

  • Process: The most recent process associated with the threat.

  • Classification: The type of threat (e.g., malware, phishing).

  • Detection Date: When the threat was first identified.

  • Devices: The number of impacted Mac devices.

  • Threat Status: The current state of the threat—whether it’s quarantined, resolved, or still active.