Vulnerability Dashboards
Aggregate CVE data across your fleet with severity and ExPRT ratings.
Hunt Vulnerabilities
Vulnerability management at enterprise scale means more than scanning. You need continuous visibility into CVEs across every endpoint, prioritization that accounts for real-world exploitability (not just CVSS scores), and the ability to track remediation progress over time. Spotlight provides the data. The Falcon APIs, SDKs, and AI tooling let you build on top of it.
Remediation Tracking
Monitor patch progress by host group, OS, or business unit.
Risk Prioritization
Rank vulnerabilities by exploitability, not just CVSS score.
Compliance Reporting
Map vulnerability status to regulatory requirements.
ITSM Integration
Feed Falcon vulnerability data into third-party ITSM or patching systems.
Exposure Analysis
Identify externally facing assets with critical vulnerabilities.
API Service Collections
Section titled “API Service Collections”Vulnerability Management
Section titled “Vulnerability Management”The core APIs for querying and managing vulnerability data across your environment.
- Spotlight Vulnerabilities - Query CVE findings across your endpoint fleet. Filter by severity, ExPRT rating, host group, OS, or remediation status.
- Spotlight Evaluation Logic - Access the evaluation rules Spotlight uses to assess whether a host is vulnerable.
- Spotlight Vulnerability Metadata - Retrieve detailed CVE metadata including descriptions, references, and affected products.
- Exposure Management - Assess your external attack surface and identify exposed assets.
Supporting APIs
Section titled “Supporting APIs”- Hosts - Correlate vulnerability data with host details, sensor versions, and containment status.
- Host Group - Group hosts for targeted vulnerability reporting by business unit or location.
- Scheduled Reports - Automate recurring vulnerability reports delivered to stakeholders.
- Report Executions - Track and retrieve completed report runs.
Developer Resources
Section titled “Developer Resources”Falcon MCP
Section titled “Falcon MCP”The Falcon MCP Spotlight module searches vulnerabilities by CVE, severity, ExPRT rating, hostname, and remediation status through AI assistants. Ask “which hosts have CVE-2024-XXXX” or “show me critical vulnerabilities with ExPRT ratings above 80” through Claude Desktop, VS Code, or Gemini CLI.