Get FDA readyServicesGuardian helpGet a demo

Identify and prioritize exploitable vulnerabilities

In the context of vulnerability assessment, Helm provides a practical framework for understanding and prioritizing vulnerabilities based on severity, exploitability, and potential threats. This article outlines how Helm utilizes CVSS v2 and v3 scores, along with EPSS scores and threat sources, including indicating if vulnerabilities are on the CISA KEV list, whether they are in the Exploit Database (exploit-db.com) or have a Metasploit toolkit available to make attacks easier, and whether they meet the criteria of the top 25 CWEs (Common Weakness Enumerations).

Rescoring vulnerabilities

You can adjust all vulnerability scores across an entire product version based on your device's environment and usage, or choose individual vulnerabilities to rescore. Customize vulnerability scores based on your device's unique environment and usage, recalibrating severity, exploitability, and threat information for a tailored assessment that minimizes false positives while pinpointing your more exploitable and critical vulnerabilities, thereby strengthening your cybersecurity defenses.

Get AI-powered guidance for vulnerability remediation

The Vulnerabilities list provides AI-powered guidance to help you fix or mitigate vulnerabilities more effectively. Select one or more vulnerabilities, then click the Get AI guidance action in the toolbar to display a comprehensive panel with short-term and long-term mitigation strategies, including specific upgrade recommendations for each selected vulnerability. Sources are provided when viewing mitigation and upgrade recommendations for individual vulnerabilities, enabling further research and validation.

Additionally, Helm automatically detects and displays which technology stacks (Windows, Redhat, SQL, Git, GRPC, WordPress, and many more) are impacted by each vulnerability. Click these technology stack tags to open the vulnerability details modal, which includes an AI recommendations section with detailed information about affected tech stacks, upgrade recommendations, and short-term mitigations, all backed by source documentation. This beta functionality requires manual activation: click the Columns link in the vulnerabilities table, then enable the Impacted tech stacks column to view this information.

Prioritize what vulnerabilities to focus on

You can easily stay on top of new and updated vulnerabilities:

To ensure you're focusing on the most exploitable vulnerabilities:

Filter on most impactful vulnerabilities

Once you've rescored your vulnerabilities, filter down on those that have a combination of high CVSS scores with high exploitability (EPSS) scores and that have exploits or threats.

You can filter on the following exploit and threat information for vulnerabilities that:

  • are on the CISA KEV list

  • are in the Exploit Database

  • have a Metasploit toolkit available

  • meet the criteria of the top 25 CWE list

  • have a particular EPSS threshold: Enter a number, such as 80, into the EPSS filter. This will return any vulnerabilities with an EPSS score of 80% or above.

Bulk remediate vulnerabilities

Bulk remediate vulnerabilities within a product, across products, or target a particular component's vulnerabilities with the click of a button, enabling you to speed triage and ensure remediation consistency of particular vulnerabilities across your product portfolio.

Check for updates to a vulnerability

If you’ve previously assessed a vulnerability, you can turn on the Date updated column to see whether there have been any updates.

Check for new vulnerabilities

If you've turned on vulnerability email notifications, Helm will automatically send you emails whenever there is a new vulnerability.

PreviousManage vulnerabilitiesNextGet email notifications for new vulnerabilities

Last updated

Was this helpful?