Coverage principle: the portal is strongest at organizing vulnerability intelligence and workflows. It is not a replacement for asset inventory, EDR/SIEM telemetry, vendor support, change management, or risk acceptance systems.
Coverage Map
Know what the portal covers well and where validation is still needed.
Use this page to set expectations. Vuln Signal is broad, but some views are live-derived, some are heuristic, and some questions still require asset inventory, vendor portals, SIEM data, or manual confirmation.
Strong
Workflowtriage, evidence, handoff, tracking, reportingPartial
Signallive-derived risk lenses and source freshnessExternal
Proofasset exposure, telemetry, vendor confirmationRule
Validatedo not treat coverage as confirmationStrong Coverage
Where Vuln Signal should be useful immediately
Vulnerability triage workflows
Role Paths, Decision Matrix, Evidence Checklist, Handoff Center, Action Tracker, and Brief Builder provide a complete operational path from signal to follow-up.
Patch and mitigation decision support
Patch Watch, Patch Window, Exception Register, No Patch, Mitigation Operations, KEV, Urgent Week, and Playbooks help teams choose safe next actions.
Hands-on analyst utilities
Tools cover IOC extraction, normalization, CVSS, exposure checks, CPE, JWT, DNS, TLS, email, logs, Sigma, hunt queries, YARA, and common formatting tasks.
Trust and release transparency
Status, Trust Review, Methodology, Metrics Catalog, Diagnostics, Quality Center, and this Coverage Map make assumptions and maintenance checks visible.
Partial Coverage
Useful lenses that still require confirmation
Live-derived
Threat Map and strategic hubs
These views summarize loaded records and inferred pressure. They are not packet telemetry or proof of active attacks against your environment.
Heuristic
Ransomware, identity, appliance, and exploit-chain relevance
These views use keywords, structured fields, and scoring logic. Treat them as starting points for validation.
Source-dependent
Freshness and confidence
Feed health, source freshness, and confidence language depend on current API and upstream source availability.
Local-only
Saved work and tracking
Saved notes, triage states, compare queues, and action tracking are stored in the browser, not a shared team backend.
Not Covered Directly
Questions that need another system or human validation
Asset truth
Use CMDB, EASM, cloud inventory, endpoint inventory, or owner confirmation to prove product, version, exposure, and ownership.
Attack evidence
Use SIEM, EDR, firewall, identity, proxy, DNS, and application logs to prove exploitation attempts or compromise.
Vendor commitments
Use vendor advisories, support cases, release notes, and patch supersedence documentation for authoritative remediation guidance.
Risk acceptance
Use Exception Register for portal guidance, then your governance system for formal approvals, expiry dates, compensating controls, and audit evidence.
Recommended next move: when coverage is partial, use Evidence Checklist and Trust Review before sending a handoff.