Overview
Vulnerability Intelligence is a core capability of Alert Manager Enterprise (AME). It enables organizations to identify, prioritize, and manage vulnerabilities effectively — turning raw scanner and detection data into structured, actionable security operations.
Built on deep Splunk integration and rich visibility into organizational logging and asset data, AME Vulnerability Intelligence helps security teams close the gap between vulnerability detection and remediation.
Vulnerability Intelligence requires an AME Security Pack subscription.
Contact Datapunctum Sales for an evaluation license or to discuss licensing options.
What You Can Do with Vulnerability Intelligence
- Correlate vulnerability detections with enriched asset context to uncover hidden exposure and blind spots
- Manage the full vulnerability lifecycle — from detection and confirmation to risk acceptance, remediation, and closure
- Prioritize remediation using asset criticality, business context, observable metadata, and AME’s integrated risk scoring
- Define and enforce tiered remediation SLAs per asset class, business unit, department, or risk profile
- Systematically document vulnerability exclusions, risk acceptances, and compensating controls for compliance and audit
- Generate and automatically distribute tailored vulnerability reports
  - Grouped by department, business unit, PCI zone, location, or any custom observable group
  - Branded, with selectable CVE and asset fields, flexible scheduling, and recipient lists
- Automate ticket creation and bi-directional synchronization with third-party ITSM platforms (ServiceNow, Jira Software), and link remediation tickets directly to AME vulnerability events
- Demonstrate compliance with major frameworks (PCI DSS, ISO 27001, NIST CSF, CIS Controls, etc.)
Key Terminology
Familiarize yourself with these core terms used throughout AME Vulnerability Intelligence:
- Vulnerability — A known weakness or flaw in a system, application, or configuration (typically identified by a CVE)
- Realization — A concrete instance of a vulnerability detected on a specific observable (e.g., CVE-2024-12345 present on host XYZ)
- Realization Rule — A configurable rule that determines whether (and how) a realization generates an AME event
- Risk Event — An AME construct that tracks the active or mitigated risk associated with one or more realizations / events
- Event — An aggregation of alerts and/or realizations in AME, serving as the central unit for investigation and remediation
- Alert — A single triggered signal within an AME event
- Ticket — An issue created in an external system (ServiceNow, Jira, etc.) and optionally linked to an AME event
- SLA — Service Level Agreement defining expected remediation timeframes for specific vulnerability classes or asset types
- Source — The origin of vulnerability data (e.g., Tenable, Qualys, Rapid7, Microsoft Defender, cloud security posture tools, etc.)
High-Level Architecture
The diagram below illustrates the main components and data flow of the Vulnerability Intelligence engine in AME.
Next Steps
- Using Vulnerability Intelligence — everyday operations and dashboard usage
- Reports & Dashboards — interactive dashboards and reporting overview
- Configuration — admin guide for rules, overwrites, exceptions, and settings
- Scheduled Reports — configuring automated, recurring vulnerability reports