This document covers how to:
- Maintain a single or a few healthy applications/services
- Identify the most urgent vulnerabilities in your software stack
- Understand the severity of vulnerabilities
- Surface tasks from your security team in your daily workflow so it's easy to deliver more secure software with less toil.
If this workflow doesn't sound like you, check out our document on managing vulnerabilities as a security team.
Prerequisites
Vulnerability data sent through one of our integrations.
Maintain the vulnerability health of your application
Once vulnerability data starts flowing into New Relic, you can access your data through various scoped views.
To monitor the health of specific applications or services, use our entity scoped view by navigating to one.newrelic.com > All capabilities > APM & services > (select an entity) > Triage > Vulnerability Management. For a larger scope, see our document on managing vulnerabilities as a security team.
one.newrelic.com > All capabilities > APM & services > (select an entity) > Triage > Vulnerability Management
The security summary page for an entity gives you a high level overview of the security of your application or service. Curated dashboards provide you an overall security of your application or service, including:
- Total vulnerabitities
- Vulnerability exposure window
- Top 5 vulnerabitites in accordance with the priority rankings
- Vulnerability breakdown by type
- Libraries severity breakdown
- Top library upgrades
Triage, prioritize, and remediate vulnerabilities
To view all vulnerabilities open for your service or application, select the Vulnerabilities tab from the entity security overview page:
one.newrelic.com > All capabilities > APM & services > (select an entity) > Triage > Vulnerability Management > Vulnerabilities
This page shows you all open vulnerabilities and allows you to filter them by attributes such as severity and source. Clicking on a specific vulnerability provides detailed information about its severity, sources, vulnerability status change logs, and many more.
one.newrelic.com > All capabilities > APM & services > (select an entity) > Triage > Vulnerability Management > Vulnerabilities, click a vulnerability.
Set up vulnerability alerts
Set up through Slack or a Webhook to receive notifications when vulnerabilities of a set severity appear.
On any vulnerability management screen, select Manage security notifications
one.newrelic.com > All capabilities > APM & services > (select an entity) > Triage > Vulnerability Management > Vulnerabilities, click on Manage Security Notifications.
one.newrelic.com > All capabilities > APM & services > (select an entity) > Triage > Vulnerability Management > Vulnerabilities > Manage Security Notifications.
Set up a Slack alert
- Select Add a Slack.
- Under Slack settings, select a destination or create one by clicking .
- Under Slack settings, select a channel to send your notifications to.
- Under Notification rules, configure rules to receive notifications for vulnerabilities of different severity levels.
Set up a webhook alert
- Select Add a Webhook.
- Under Webhook settings, select a destination or create one by clicking . Learn more about creating a webhook destination here.
- Under Webhook settings, create a channel name.
- Under Notification rules, configure rules to receive notifications for vulnerabilities of different severity levels.