building-vulnerability-scanning-workflow

# Building Vulnerability Scanning Workflow ## When to Use Use this skill when: - SOC teams need to establish or improve recurring vulnerability scanning programs - Scan results require prioritization beyond raw CVSS scores using asset context and threat intelligence - Vulnerability data must be integrated into SIEM for correlation with exploitation attempts - Remediation tracking needs formalization with SLA-based dashboards and reporting **Do not use** for penetration testing or active exploitation — vulnerability scanning identifies weaknesses, penetration testing validates exploitability. ## Prerequisites - Vulnerability scanner (Tenable Nessus Professional, Qualys VMDR, or OpenVAS/Greenbone) - Asset inventory with criticality classifications (business-critical, standard, development) - Network access from scanner to all target segments (agent-based or network scan) - SIEM integration for scan result ingestion and correlation - Patch management system (WSUS, SCCM, Intune) for remediation tracking ## Workflow ### Step 1: Define Scan Scope and Scheduling Create scan policies covering all asset types: **Nessus Scan Configuration (API):** ```python import requests nessus_url = "https://nessus.company.com:8834" headers = {"X-ApiKeys": f"accessKey={access_key};secretKey={secret_key}"} # Create scan policy policy = { "uuid": "advanced", "settings": { "name": "SOC Weekly Infrastructure Scan", "description": "Weekly credentialed scan of all server...