Skip to main content

Vulnerability Settings

Control how DashX scans for and enriches vulnerabilities across your fleet.

Configure

  1. Go to Settings → Monitoring & Alerts → Vulnerability.
  2. Set the scanning behavior:
    • Enable vulnerability scanning and set its cadence.
    • CISA KEV — flag actively‑exploited CVEs (a free feed, on by default).
    • AI CPE resolver — let the AI Provider resolve product‑to‑CVE matches when NVD's CPE data misses (off by default; enable to catch more).
    • NVD source — the vulnerability data source (and any API key for higher rate limits).
  3. Save.

Results appear under Vulnerabilities and on each device's Vulnerabilities tab.

tip

Leave KEV on always — it's free and it's the difference between "3,000 CVEs" and "the 6 that are actually being exploited." Enable the AI CPE resolver if you find real installed software isn't matching known CVEs.