The original post: /r/cybersecurity by /u/IRanqer on 2024-11-14 15:50:40.

Hello everyone,

I am responsible for introducing a concept to manage vulnerabilities more proactively and centrally in our department for our systems (network devices) to remediate them even before internal vulnerability scans detect them.

I would like to automate everything as much as possible. I thought about getting a list of our systems and their software version maybe through API calls to our IPAM system. Then getting a list of known CVEs and filtering for manufacturer, system and version information to get only CVEs for systems we use. However, I don't know yet how to get this kind of information effectively.

Based on this we could plan the remediation of these CVEs.

Does anybody have any experience or recommendations for strategies or tools?

The goal is to detect published CVEs as fast as possible without scanning the infrastructure too often.
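One way to do the filtering step the post describes (inventory vendor/product/version against a CVE feed), as an added example that is not code from the original post. It assumes NVD-style records with CPE 2.3 match criteria and version bounds, plus simple dotted numeric versions; the inventory rows, vendor names and CVE ids are constructed placeholders.

```python
"""Match a device inventory against NVD-style CVE records (constructed
example). The records imitate NVD CVE API 2.0 output (configurations ->
nodes -> cpeMatch with CPE 2.3 criteria and version bounds)."""
from collections import namedtuple

Asset = namedtuple("Asset", "vendor product version")  # one row from the IPAM/CMDB API

def parse_version(v):
    # Assumption: dotted numeric versions; real vendor schemes often differ.
    return tuple(int(p) if p.isdigit() else p for p in v.split("."))

def cpe_match(asset, m):
    """True if the asset falls inside one NVD cpeMatch entry."""
    # criteria looks like cpe:2.3:<part>:<vendor>:<product>:<version>:...
    _, _, _, vendor, product, version = m["criteria"].split(":")[:6]
    if not m.get("vulnerable", True) or (vendor, product) != (asset.vendor, asset.product):
        return False
    v = parse_version(asset.version)
    if version not in ("*", "-"):          # exact-version criteria
        return v == parse_version(version)
    bounds = [("versionStartIncluding", lambda b: v < b), ("versionStartExcluding", lambda b: v <= b),
              ("versionEndIncluding", lambda b: v > b), ("versionEndExcluding", lambda b: v >= b)]
    return not any(k in m and outside(parse_version(m[k])) for k, outside in bounds)

def affected_cves(assets, cves):
    """Map each asset to the ids of CVEs whose configurations match it. Simplification:
    nodes are treated as OR lists; AND-combined nodes (product X only on platform Y) are not modelled."""
    hits = {}
    for a in assets:
        for cve in cves:
            entries = [m for c in cve["configurations"] for n in c["nodes"] for m in n["cpeMatch"]]
            if any(cpe_match(a, m) for m in entries):
                hits.setdefault(a, []).append(cve["id"])
    return hits

INVENTORY = [  # constructed sample inventory
    Asset("examplevendor", "switch_os", "9.3.2"),
    Asset("examplevendor", "switch_os", "10.1.0"),
    Asset("othervendor", "firewall_os", "7.0.1"),
]
CVE_FEED = [  # constructed records; CVE-0000-000x are placeholder ids, not real advisories
    {"id": "CVE-0000-0001", "configurations": [{"nodes": [{"operator": "OR", "cpeMatch": [
        {"vulnerable": True, "criteria": "cpe:2.3:o:examplevendor:switch_os:*:*:*:*:*:*:*:*",
         "versionStartIncluding": "9.0.0", "versionEndExcluding": "9.3.5"}]}]}]},
    {"id": "CVE-0000-0002", "configurations": [{"nodes": [{"operator": "OR", "cpeMatch": [
        {"vulnerable": True, "criteria": "cpe:2.3:o:othervendor:firewall_os:7.0.1:*:*:*:*:*:*:*"}]}]}]},
]
```

Running `affected_cves(INVENTORY, CVE_FEED)` flags the 9.3.2 switch and the 7.0.1 firewall and leaves the 10.1.0 switch clean; a real pipeline would fetch the feed from the NVD API on a schedule and diff the result against the previous run to raise only new matches.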