This document covers how to:
- Maintain a single or a few healthy applications/services
- Identify the most urgent vulnerabilities in your software stack
- Understand the severity of vulnerabilities
- Surface tasks from your security team in your daily workflow so it's easy to deliver more secure software with less toil.
If this workflow doesn't sound like you, check out our document on managing vulnerabilities as a security team.
Prerequisites
Vulnerability data sent through one of our integrations.
Maintain the vulnerability health of your application
Once vulnerability data starts flowing into New Relic, you can access your data through various scoped views.
To monitor the health of specific applications or services, use our entity scoped view by navigating to one.newrelic.com > All capabilities > APM & services > (select an entity) > Triage > Vulnerability Management. For a larger scope, see our document on managing vulnerabilities as a security team.
one.newrelic.com > All capabilities > APM & services > (select an entity) > Triage > Vulnerability Management
The security summary page for an entity gives you a high level overview of the security of your application or service. Curated dashboards such as the number of critical vulnerabilities, visualizations of historical new vulnerabilities, and average time to remediation provide a general summary of the current and historical security of your application or service.
Identify and remediate vulnerabilities
There are two main ways to prioritize vulnerabilities:
- Triage and prioritize vulnerabilities yourself
- Remediate vulnerabilities assigned to you by your security team or others
Triage and prioritize
To view all vulnerabilities open for your service or application, select the Vulnerabilities tab from the entity security overview page:
one.newrelic.com > All capabilities > APM & services > (select an entity) > Triage > Vulnerability Management > Vulnerabilities
This page shows you all open vulnerabilities and allows you to filter them by attributes such as severity and source. Clicking into a specific vulnerability provides detailed information about its severity, scope, source, and steps to remediation:
one.newrelic.com > All capabilities > APM & services > (select an entity) > Triage > Vulnerability Management > Vulnerabilities, click a vulnerability.
Solve assigned vulnerabilities
Your security team or others may triage vulnerabilities and assign the remediation of individual vulnerabilities to you. To find vulnerabilities assigned to you, select Vulnerabilities assigned to me from the entity security summary page:
one.newrelic.com > All capabilities > APM & services > (select an entity) > Triage > Vulnerability Management, and click Vulnerabilities assigned to me.
This screen shows you all the vulnerabilities assigned to you. Select a vulnerability for detailed information about its impact and steps to remediation.
Set up vulnerability alerts
Set up through Slack or a Webhook to receive notifications when vulnerabilities of a set severity appear.
Set up a Slack alert
- On any vulnerability management screen, select Manage security notifications
- Select Add a Slack.
- Under Slack settings, select a destination or create one by clicking .
- Under Slack settings, select a channel to send your notifications to.
- Under Notification rules, configure rules to receive notifications for vulnerabilities of different severity levels.
Set up a webhook alert
- On any vulnerability management screen, select Manage security notifications.
- Select Add a Webhook.
- Under Webhook settings, select a destination or create one by clicking . Learn more about creating a Webhook destination here.
- Under Webhook settings, create a channel name.
- Under Notification rules, configure rules to receive notifications for vulnerabilities of different severity levels.