Performing Endpoint Vulnerability Remediation

When to Use

Use this skill when:

• Remediating vulnerabilities identified by scanners (Nessus, Qualys, Rapid7)
• Responding to zero-day CVE advisories requiring immediate patching
• Maintaining compliance with patch management SLAs (critical within 14 days, high within 30 days)
• Building a prioritized remediation plan from vulnerability scan results

Do not use this skill for vulnerability scanning itself (use scanning tools) or for application-layer vulnerability remediation (use DevSecOps processes).

Prerequisites

• Vulnerability scan results (Nessus, Qualys, or Rapid7 export in CSV/XML format)
• Patch management platform (WSUS, SCCM, Intune, or third-party like Automox)
• Administrative access to target endpoints or deployment infrastructure
• Change management process for production endpoint patching
• Testing environment for patch validation before production rollout