Configure the Early Warning for Security Exposure Management integration
Install and configure the Early Warning for Security Exposure Management integration plugin to ingest threat intelligence and enrich your vulnerability database with pre-disclosure threat signals.
Before you begin
Before you begin:
- Verify that Unified Security Exposure Management (Vulnerability Response v30.x) is installed and configured in your instance.
- Verify that the Vulnerability Integration Framework plugin is activated.
- Obtain Armis Early Warning feed credentials and verify access to the threat intelligence API.
Role required: sn_sec_cvd.read: Viewing Early Warning for Security Exposure Management health/CVD records.
Write access to sn_vul_ew_cvd_attributes table is not exposed to any user role; the integration manages these attributes internally.
About this task
By configuring the Early Warning for Security Exposure Management integration, you enable your vulnerability management system to access pre-disclosure threat intelligence, allowing your security team to prioritize and respond to high-risk vulnerabilities before public disclosure.
Procedure
Result
Your Early Warning for Security Exposure Management integration is now configured and active. The integration will:
- Ingest pre-disclosure threat signals on a scheduled cadence.
- Enrich matching CVDB records with threat intelligence attributes. See Libraries in the List view table in Security Exposure Management Workspace List view for more information.
- Propagate early warning status to related vulnerability records.
- Update risk scores to reflect early warning signals.
What to do next
After configuring the integration, consider the following next steps:
- Configure risk rules to weight the early warning flag in your vulnerability risk calculation
- Create custom Vulnerability Crisis Management (VCM) workflows to trigger on early warning CVEs.
- Review and customize the Early Warning dashboard to fit your team's reporting needs.