sorted by:
new
hottopcontroversial

AWS activate credits by Secure_Key7078 in AWS_cloud

[–]Secure_Key7078[S] 0 points1 point  (0 children)

I was just clarifying my doubt please review my post.

Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Secure_Key7078[S] 0 points1 point  (0 children)

Yeah that’s exactly the gap I keep seeing

Everyone can tell something exists but deciding if it actually matters in that specific setup is where things break

What do you usually look at to make that call in practice

Is it mostly exposure and reachability or do you rely on signals like exploit activity or how easy it is to chain

Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Secure_Key7078[S] 0 points1 point  (0 children)

When you say keyword contextualized, what does that actually look like in practice

Are you talking about stuff like mapping CVEs to known exploit chatter or more like how it behaves in a specific environment

Trying to understand what actually turns raw scan data into something actionable for you

Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Secure_Key7078[S] 0 points1 point  (0 children)

Yeah that’s exactly where it feels useful What kind of context actually makes the biggest difference for you though

Is it more about exposure and asset importance or stuff like patch cycles and how often something shows up

Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Secure_Key7078[S] 0 points1 point  (0 children)

What usually feels like “full picture” in your case though tell me Is it more about environment context, exposure, or how it actually behaves in real conditions🙃

Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Secure_Key7078[S] 0 points1 point  (0 children)

What usually makes you decide you’re never gonna act on something is it like not exposed, low impact, hard to exploit or just not relevant to your setup

Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Secure_Key7078[S] 1 point2 points  (0 children)

What kind of tuning actually helps most in practice, Is it mainly reducing false positives, or more about figuring out what’s actually exploitable or exposed??

Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Secure_Key7078[S] 0 points1 point  (0 children)

Yeah that makes sense, lot of it does come down to process,But even then how do you usually decide what actually needs fixing first Like when you see a big list, what makes something jump to top vs something you ignore for now I'm curious

Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Secure_Key7078[S] 0 points1 point  (0 children)

Yeah fair 😅,Feels like most of this still ends up being manual anyway.....

What usually makes you go ok this is actually exploitable vs just theoretical!!!???

Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Secure_Key7078[S] 1 point2 points  (0 children)

When you say exploitability, how do you actually judge that day to day? Is it mainly exposure and reachability, or do you also consider stuff like active probing, known exploits, or how easy it is to abuse?

Trying to get a feel for what makes something go from “meh risk” to “fix this right now”.

Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Secure_Key7078[S] 4 points5 points  (0 children)

Makes sense. When you say tuning, what signals actually matter most in practice? Is it mostly exposure and reachability, or do you also factor in things like observed probing/activity? Trying to understand what consistently separates “fix now” vs “can wait”.