performing-endpoint-vulnerability-remediation


Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches, applying configuration changes, and validating fixes. Use when remediating findings from vulnerability scans, responding to critical CVE advisories, or maintaining endpoint compliance with patch management SLAs. Activates for requests involving vulnerability remediation, CVE patching, endpoint vulnerability management, or security fix deployment.

API & Backend 12,642 stars 1468 forks Updated today Apache-2.0


Skill Content

# Performing Endpoint Vulnerability Remediation

## When to Use

Use this skill when:

- Remediating vulnerabilities identified by scanners (Nessus, Qualys, Rapid7)
- Responding to zero-day CVE advisories requiring immediate patching
- Maintaining compliance with patch management SLAs (critical within 14 days, high within 30 days)
- Building a prioritized remediation plan from vulnerability scan results

**Do not use** this skill for vulnerability scanning itself (use scanning tools) or for application-layer vulnerability remediation (use DevSecOps processes).

## Prerequisites

- Vulnerability scan results (Nessus, Qualys, or Rapid7 export in CSV/XML format)
- Patch management platform (WSUS, SCCM, Intune, or third-party like Automox)
- Administrative access to target endpoints or deployment infrastructure
- Change management process for production endpoint patching
- Testing environment for patch validation before production rollout

## Workflow

### Step 1: Import and Prioritize Vulnerability Findings

```
Priority scoring combines:
1. CVSS Base Score (0-10)
2. EPSS (Exploit Prediction Scoring System) - probability of exploitation
3. CISA KEV (Known Exploited Vulnerabilities) catalog membership
4. Asset criticality (business impact of affected endpoint)
5. Network exposure (internet-facing vs. internal)

Priority Matrix:
P1 (Critical - 14 days SLA):
  - CVSS >= 9.0 OR
  - Listed in CISA KEV OR
  - Active exploitation in the wild + CVSS >= 7.0
P2 (High - 30 days S...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0
