Skip to main content
 
Splunk Lantern

Vulnerability detection data

 

A vulnerability is a security flaw that can be exploited by a threat actor to gain access or perform unauthorized activity within a system. Systems often keep network services running by default, even when they aren’t required for a particular server. These running, unmonitored services are a common means of external attack, as they may not be patched with the latest OS security updates. Vulnerability detection platforms provide scanning capabilities to look for known vulnerabilities which include software vulnerabilities and security misconfigurations. These scans result in a list of vulnerable systems, their specific vulnerabilities, and recommendations for the remediation of discovered vulnerabilities.

Broadscale vulnerability scans can reveal security holes that could be leveraged to access an entire enterprise network. They show data about open ports and IP addresses that can be used by malicious agents to gain entry to a particular system or entire network. In the Common Information Model, vulnerability scanning data is typically mapped to the Vulnerabilities data model.

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: 

Use cases for Splunk security products

Be sure to explore the Splunk Security Content site to see what detections you can run in Splunk Enterprise Security with vulnerability data.

Securing medical devices from cyberattacks