Overview
Vulnerability Intelligence is a foundational capability introduced in Alert Manager Enterprise (AME). It empowers organizations to identify, prioritize, and manage vulnerabilities efficiently, bridging the gap between raw detection data and actionable security operations.
Thanks to its robust integration with Splunk and its deep visibility into organizational logging data, AME stands out as a powerful enabler of the Vulnerability Intelligence process.
Vulnerability Intelligence requires an AME Security Pack Subscription. Please contact Datapunctum Sales for an evaluation license.
What You Can Do with AME's Vulnerability Intelligence
- Correlate vulnerability detections with enriched asset intelligence to reveal hidden exposure and blind spots
- Manage the complete vulnerability lifecycle — from initial detection → confirmation → risk acceptance → remediation
- Prioritize remediation using Observables, criticality tags, and the integrated Risk Framework
- Define and enforce tiered SLAs for different classes of assets and business units
- Systematically track and document vulnerability exclusions / risk acceptances for compliance & audit purposes
- Create and automatically distribute customized vulnerability reports
  - per department, business unit, PCI zone, or any other observable/reporting group
  - with your branding, selected CVE & asset fields, flexible scheduling, and recipient management
- Seamlessly integrate vulnerability events with third-party ticketing systems (ServiceNow and Jira Software) to automatically create, update, and bi-directionally sync remediation tickets
- Demonstrate alignment with major security frameworks (PCI DSS, ISO 27001, NIST, etc.)
Terminology
Familiarise yourself with the following terms used in AME and the Vulnerability Intelligence Framework:
- Vulnerability: A known weakness or flaw in a system or application
- Realization: A live instance of a vulnerability detected and ingested by AME (e.g., a CVE detected on a specific host)
- Realization Rule: Defines how a Realization is processed to create an AME Event
- Risk Event: A container tied to an AME Event that models active or inactive risk associated with Observables
- Alert: A triggered signal within AME, part of a larger Event
- Event: An aggregation of alerts and/or realizations in AME
- Ticket: A linked issue in a third-party ticketing tool (e.g., ServiceNow), optionally created from an AME Event
- SLA: A Service Level Agreement defining expected remediation timelines
- Source: The origin of the vulnerability data (e.g., a specific scanner or feed)
Architecture
Next Steps
- Configure Vulnerability Intelligence
- Configure Vulnerability Intelligence Reporting