Vulnerability Assessment Feature Overview


Supported OS Distros

Threat Stack currently supports the Vulnerability Assessment feature on the following Linux distros:

  • Amazon
  • CentOS
  • RedHat
  • Ubuntu

For more information, see System Requirements.

Vulnerability Assessment Overview

Threat Stack runs a daily Vulnerability Assessment that analyzes all installed packages against the Common Vulnerabilities and Exposures (CVE) listed in the National Vulnerability Database (NVD) run by the National Institute of Standards and Technology (NIST).

For each vulnerability, the severity score is based on the Common Vulnerability Scoring System v2 (CVSS v2) used by the NVD. The severity can be high (H), medium (M), or low (L) as determined by NVD.

At the end of the assessment, Threat Stack displays a list of vulnerable packages, associated CVEs, and impacted servers. As a security management best practice, Threat Stack recommends that you review and analyze the assessment results, using the suggested documentation provided by the supported operating system (OS) security notices and NVD articles.

Vulnerability Assessment Results

Threat Stack provides a holistic understanding of potential vulnerabilities by assessing all packages installed using the package manager. Threat Stack will not remediate or manage package vulnerabilities on your behalf.

You can resolve these vulnerabilities at the host level or suppress the vulnerability within Threat Stack.

If you find vulnerabilities and deem them low risk, such as OS-defined will not fix/low priority, etc., you have the ability to suppress the vulnerability. Learn more about Suppressing Vulnerabilities.

To resolve the vulnerability at the host level, implement the suggested remediation steps according to the supported OS security notice. Confirm on the next daily scan that you are no longer vulnerable.

For more information see the NVD Frequently Asked Questions or A Complete Guide to the Common Vulnerability Scoring System v2.

Subscribe to Assesment Results

Vulnerability assessments occur within 15 minutes of package collection. Threat Stack collects packages at the following times:

  • Daily between 12:00 a.m. and 2:00 a.m. UTC.
  • The first time an Agent starts and connects to the Threat Stack platform.

You can subscribe to a daily vulnerability report email. To enable these reports, go to Settings > General Settings tabNotifications Settings section.

Vulnerability Package Assessment Workflow

This image depicts the flow of the Threat Stack agent detecting packages, cross-referencing them against more than two million identified CVEs.


For this illustration, we use "TS" to refer to Threat Stack.


Select the image to enlarge it.

Articles in the Vulnerability Assessment Series

Vulnerability Assessment FAQ

Suppress or Unsuppress Vulnerabilities

Was this article helpful?
0 out of 0 found this helpful