#Viewing and Addressing Vulnerabilities

Alauda Security Service provides several views for discovering, prioritizing, and addressing vulnerabilities in workloads, platform components, and nodes.

#Results Page Overview

The main vulnerability entry point is Vulnerability Management > Results.

In the current UI, the Results area includes these primary views:

• User Workloads
• Platform
• Nodes
• More Views

For the selected view, the page also provides status tabs such as:

• Observed
• Deferred
• False positives

The Results page is designed for triage. Typical controls include:

• filter chips
• entity selection such as CVE
• severity and status filters
• More Views
• Columns
• Bulk actions
• Create report
• Manage watched images

The current results table can show fields such as:

• CVE
• Images by severity
• Top CVSS
• Top NVD CVSS
• EPSS probability
• Affected images
• First discovered
• Published
• Request details

When the current filters match live data, the filtered summary bar also shows the current totals for CVEs, Images, and Deployments in scope, and the table lists matching CVE rows for the selected view.

#User Workloads

The User Workloads view focuses on vulnerabilities in deployed workloads and images.

Use this view to:

• review currently observed workload vulnerabilities
• switch between deferred and false-positive states
• narrow findings by severity, status, and other filters
• create reports from the current working view

#Steps

1. Go to Vulnerability Management > Results.
2. Select User Workloads.
3. Choose one of the state tabs:
   • Observed
   • Deferred
   • False positives
4. Apply filters to narrow the findings.
5. Review the summarized counts for CVEs, images, and deployments in the filtered view.
6. Review the resulting CVE rows, including score, image impact, discovery time, and publication metadata.

#Platform

The Platform view focuses on vulnerabilities in platform components and other platform-defined workloads.

Platform workload classification is influenced by the platform component configuration in Platform Configuration > System Configuration.

Use this view when you want to separate platform findings from user workload findings.

#Nodes

The Nodes view focuses on vulnerabilities associated with cluster nodes.

Use this view to review node-level findings separately from workload and platform vulnerabilities.

#More Views

Use More Views when you need alternative perspectives on vulnerability data, such as watched images, inactive images, or other specialized result sets.

#Exception Management

The exception workflow is handled in Vulnerability Management > Exception Management.

In the current UI, the page includes these tabs:

• Pending requests
• Approved deferrals
• Approved false positives
• Denied requests

Use this page to review and manage vulnerability exception requests instead of working only from the Results view.

The current exception table includes:

• Request name
• Requester
• Requested action
• Requested
• Expires
• Scope
• Requested items

#Vulnerability Reporting

Use Vulnerability Management > Vulnerability Reporting when you need recurring or downloadable reports for vulnerability findings.

The reporting area includes:

• Report configurations
• View-based reports

#Addressing Vulnerabilities

Common ways to address findings include:

• rebuilding or replacing vulnerable images
• updating affected packages or components
• deferring a finding for a limited period
• marking a finding as a false positive through the exception workflow
• narrowing scope with filters to focus on the most important issues first

#Best Practices

• Start in User Workloads for day-to-day remediation work.
• Use Platform and Nodes to separate platform and infrastructure issues from application issues.
• Use Deferred and False positives tabs to understand accepted or reviewed findings.
• Use Exception Management for lifecycle control of exception requests.
• Use Create report or Vulnerability Reporting when findings need to be shared or tracked outside the UI.