Following...  This is a critical piece of info that helps us prioritize remediation efforts.

Hi @sj1 ,

Indeed we are already working to enrich our vulnerability information, and one of the feeds we will use will be the CISA catalog, as you suggested.

I don't have an exact timeframe for it, but it will be in the coming months.

Tried to export from the security listing and that worked. When I open a specific item and then try to export it fails. No error just no export. 

Do like the progress. The additional columns are usefull. Still do not understand where some of the reported vulnerabilities come from. Might be usefull to show a column patch available yes or no. 

For me to use this I would need additional information that helps me to know:

Severity ✔️

Asset ✔️

Software package and version where this is found ❌

Hi @jb_HSI ,

Thanks for your feedback. Please be patient, considering the feature is still in preview. What you are claiming is something we are currently working to solve, and it will be available in the coming months.

In the meantime, I encourage you to try the new analytic capabilities released today for vulnerabilities. Customizing the views, filtering the vulnerabilities, or exporting the info is already available!

What would also be nice is that I don't find today that I have 300 vulnerabilities then tomorrow it becomes 1000+ and then drops again by 1000+ the following day.

There is Something SERIUOUSLY  wrong with scanning of assets,  I have watched a perfectly  good assets come in clean for days and then all of a sudden after being scanned for several weeks, appear to have over 300 vulnerabilities for problems that are resolved by cumulative updates,  suggestion is that I install a patch from 6 months ago, Yet January updates are are clearly on the device, I have a server also missing updates supposedly for over 3 years? Run a report using our Lansweeper server, clean as a whistle, the same data we push to the cloud.

You can filter out stuff all day long but if the data isn't even valid  what is the point of claiming to to be able to scan vulnerabilities, preview or not this is making you look very bad  this becoming more alpha grade code  than preview. and to think your sales guys convinced me to  upgrade our license becuase this product was just about to leave preview and 3 months later all I'm hearing is this is still very firmly in preview mode

Hi @James12 ,

The decision to early release the functionality as preview was made with the aim of detecting (with your help) issues, limitations, or lack of functionality as soon as possible, making it possible to take the vulnerabilities module to the quality level it delivers value to the users.

As soon as we were aware of the limitation of NIST CVEs to detect the installation of KBs through cumulative patches, we started working on a solution that will enrich our vulnerabilities using Microsoft data allowing us to detect installed KBs even if they are individual or part of a cumulative patch.

Sorry for any inconvenience, we continue working hard to fulfill your expectations and recover your trust in this functionality soon.