Skip to content

Vulnerability Management Hub

NodeZero's Vulnerability Management Hub is a powerful set of tools designed to help security teams seamlessly Fix and Verify weaknesses uncovered during autonomous pentests. As part of the FFV (Find, Fix, Verify) 2.0 initiative, the Remediations Hub simplifies workflows, improves clarity, and supports automation across vulnerability lifecycle management.

Overview

The Vulnerability Management Hub introduces new capabilities specifically built for Fixers and Verifiers to:

  • Prioritize and take action on high-risk weaknesses
  • Track remediation and verification progress
  • Integrate with existing ticketing and workflow systems (e.g. ServiceNow, Jira)
  • Provide audit-ready evidence of mitigation or remediation

Key Features

Vulnerability Management Page

A centralized view that organizes all discovered weaknesses and their current fix/verify status. This serves as the main workspace for Fixers and Verifiers.

  • Filter and sort by severity, asset, status, or remediation type
  • See grouped weaknesses tied to common fixes (e.g., 1-Click Verify)
  • Inline actions: add notes, dispatch tickets, mark as verified

Dashboard

Asset Detail Modal

Clicking on an asset opens a modal view with:

  • Associated weaknesses by risk level
  • Status of remediation/verification
  • Related notes or actions

Asset Detail

Weakness Detail Modal

Dive deeper into a specific weakness with:

  • Exploitation evidence and contextual attack path details
  • Clear remediation guidance (e.g., patch, config, mitigation)
  • Verification status and fix history

Impact Detail Modal

Understand the broader impact of unresolved weaknesses:

  • What could happen if the issue isn't addressed
  • Which assets or business units are affected

Add Notes

Leave internal context for team collaboration:

  • Note types: remediation notes, verification status, assumptions, blockers
  • Notes persist across assets and weaknesses for traceability

Add Notes

Bulk 1-Click Verify

Group related weaknesses with a single common fix:

  • Apply fix or verification to all grouped weaknesses at once
  • Helps speed up MTTR and improve clarity on shared vulnerabilities

1-Click Verify

How to Use Ticketing in NodeZero

The Ticketing feature allows you to seamlessly create and manage issues in external platforms like ServiceNow or Jira directly from the NodeZero Vulnerability Management Hub. You can dispatch tickets from NodeZero to your integrated ticketing system, and each ticket will include details such as the weakness name, description, assets affected, fix actions, and any additional notes. This ensures that the most important vulnerability context is transferred into your workflow without manual copy-paste.

This gives you full control over which findings are tracked, while keeping statuses automatically updated if webhook integrations are configured.

Prerequisites

Before using Ticketing, ensure the following are in place:

  • Your organization has integrated Jira or ServiceNow with NodeZero
  • You have the correct permissions in both NodeZero and the external system
  • (Optional but recommended) Configure the webhook integration so that ticket status changes in Jira/ServiceNow automatically sync back to NodeZero. Without the webhook, you'll need to manually sync statuses

For setup instructions, see:

Creating a ticket

You control exactly which weaknesses are turned into tickets. To create one:

  1. In the VMH table, select a weakness that you want to track.
  2. Open the action menu (three dots ⋮)
  3. Choose "Create Ticket"
  4. A modal will appear allowing you to:
    • Edit the Ticket Name
    • Add any additional notes (optional)
  5. Click "Dispatch Ticket". The ticket will now be generated in the external system

Create Ticket

Viewing and Managing Tickets

Once tickets are created:

  • Navigate to the "Ticketing" sub-tab inside VMH.
  • You will see:
    • Ticket ID and link to Jira/ServiceNow
    • Current ticket status (e.g., Open, In Progress, Closed)
    • The weakness associated with the ticket

Ticketing Page

Keeping Status Updated

If your organization has set up the webhook integration:

  • Status changes in Jira/ServiceNow are automatically synced back into NodeZero
  • You'll see these updates reflected in the Ticketing sub-tab without manual action

If the webhook is not configured, NodeZero will not be automatically updated — you'll need to open the action menu (three dots ⋮) and click "Sync Ticket Status", or check the external system directly.

Common Use Cases

  • Per-finding tickets: Create tickets only for high-priority weaknesses (no auto-creation).
  • Tracking remediation progress: Monitor open/closed status from NodeZero without switching between tools.
  • Audit trail: Maintain a single place where vulnerabilities and their associated tickets are visible.

Best Practices

  • Use ticketing selectively — not every weakness requires a ticket. Focus on high-severity issues.
  • Configure the webhook for smooth synchronization.
  • Use the filters in VMH to quickly find weaknesses that don't yet have tickets.
  • Regularly review the Ticketing sub-tab to ensure no issues fall through the cracks.