Configure the Early Warning for Security Exposure Management integration
Install and configure the Early Warning for Security Exposure Management integration plugin to ingest vulnerability intelligence and enrich your vulnerability database with threat signals.
Before you begin
Before you begin:
- Verify that Unified Security Exposure Management (Vulnerability Response v30.x) is installed and configured in your instance.
- Verify that the Vulnerability Integration Framework plugin is activated.
- Obtain Armis Early Warning feed credentials and verify access to the threat intelligence API.
Role required: sn_sec_cvd.read: Viewing Early Warning for Security Exposure Management health/CVD records.
About this task
By configuring the Early Warning for Security Exposure Management integration, you enable your vulnerability management system to access vulnerability intelligence, allowing your security team to prioritize and respond to high-risk vulnerabilities.
Procedure
Result
Your Early Warning for Security Exposure Management integration is now configured and active. The integration will:
- Ingest threat signals on a scheduled cadence.
- Enrich matching CVDB records with vulnerability intelligence attributes. See Libraries in the List view table in Security Exposure Management Workspace List view for more information.
- Propagate early warning status to related vulnerability records.
- Update risk scores to reflect early warning signals.
What to do next
After configuring the integration, consider the following next steps:
- Configure risk rules to weight the early warning flag in your vulnerability risk calculation
- Create custom Vulnerability Crisis Management (VCM) workflows to trigger on early warning CVEs.
- Review and customize the Early Warning dashboard to fit your team's reporting needs.