All SkillsGet Started Free
Performing Endpoint Vulnerability Remediation
Performs vulnerability remediation on endpoints by prioritizing CVEs based on risk scoring, deploying patches, applying configuration changes, and validating fixes. Use when remediating findings from vulnerability scans, responding to critical CVE advisories, or maintaining endpoint compliance with patch management SLAs. Activates for requests involving vulnerability remediation, CVE patching, endpoint vulnerability management, or security fix deployment.
MCP get_skill({ skillId: "performing-endpoint-vulnerability-remediation-16c9fde8" })Use this skill with your agent
Create a free account and connect via MCP
# Performing Endpoint Vulnerability Remediation
## When to Use
Use this skill when:
- Remediating vulnerabilities identified by scanners (Nessus, Qualys, Rapid7)
- Responding to zero-day CVE advisories requiring immediate patching
- Maintaining compliance with patch management SLAs (critical within 14 days, high within 30 days)
- Building a prioritized remediation plan from vulnerability scan results
**Do not use** this skill for vulnerability scanning itself (use scanning tools) or for application-layer vulnerability remediation (use DevSecOps processes).
## Prerequisites
- Vulnerability scan results (Nessus, Qualys, or Rapid7 export in CSV/XML format)
- Patch management platform (WSUS, SCCM, Intune, or third-party like Automox)
- Administrative access to target endpoints or deployment infrastructure
- Change management process for production endpoint patching
- Testing environment for patch validation before production rollout
## Workflow
### Step 1: Import and Prioritize Vulnerability Findings
```
Priority scoring combines:
1. CVSS Base Score (0-10)
2. EPSS (Exploit Prediction Scoring System) - probability of exploitation
3. CISA KEV (Known Exploited Vulnerabilities) catalog membership
4. Asset criticality (business impact of affected endpoint)
5. Network exposure (internet-facing vs. internal)
Priority Matrix:
P1 (Critical - 14 days SLA):
- CVSS >= 9.0 OR
- Listed in CISA KEV OR
- Active exploitation in the wild + CVSS >= 7.0
P2 (High - 30 days SLA):
- CVSS 7.0-8.9 AND
- EPSS > 0.5 (50% probability of exploitation)
P3 (Medium - 60 days SLA):
- CVSS 4.0-6.9 OR
- CVSS 7.0-8.9 with EPSS < 0.1
P4 (Low - 90 days SLA):
- CVSS < 4.0 AND
- No known exploit
```#mukul-cybersecurity-skills#security#cybersecurity#vulnerability#management