Kikimora pulls vulnerability listings from Tenable and correlates them with what it knows from your clouds and your attack surface, so a CVE is never just a row in a scanner.
Triage Tenable vulnerabilities from one conversation
The integration covers your Tenable vulnerability data and, crucially, what it means in context. A high-severity CVE on an internal box behind three firewalls is not the same as the same CVE on an internet-facing host. The agent filters by severity, asset, and recency, then cross-references against the exposed services it knows about, so the list you act on is ordered by real risk, not just CVSS score. Most vulnerability programs drown in volume, not signal. A raw severity list tells you a thousand things are critical and nothing about which one an attacker can actually reach today. By joining Tenable findings to the exposure data Kikimora already holds, the agent answers the question that matters: of everything critical, what is reachable, and therefore what should you fix first.
What you can do
- List vulnerabilities filtered by severity, asset, or recency.
- Cross-reference findings with exposed services discovered by ASM.
- Use Tenable data as evidence in compliance briefings.
Things you might ask
- “Which critical vulnerabilities affect assets that are actually reachable from the internet?” Reachability is what separates urgent from noise. Our guide on how to find every internet-facing asset you forgot you had explains why exposure context changes the priority order.
- “Show me everything Tenable found in the last week, grouped by host.”
- “Cross-reference these findings with the open ports my external scan turned up.”
Tenable handles the vulnerabilities you scan for across your estate. Pair it with the built-in Qualys WAS integration, which adds web application scanning at no extra license cost, so infrastructure and web findings get triaged in one conversation.
