Furl Vulnerability Scanner
Built-in vulnerability detection that cross-references software inventory collected by the Furl agent against the National Vulnerability Database (NVD) — no external scanner required.
Description
Section titled “Description”The Furl Vulnerability Scanner detects known CVEs by matching the software your agents see against published NVD entries. Use it as your primary scanner if you don’t run Rapid7, Qualys, Tenable, or another commercial product, or use it alongside them to fill gaps in coverage.
This integration requires the Furl agent to be installed on the endpoints you want to scan. There is no API connection or credentials to configure.
Supported Capabilities
Section titled “Supported Capabilities”Datasources
Section titled “Datasources”- Software Vulnerabilities → Matches agent-collected software inventory against NVD entries to produce vulnerability findings and definitions in the context graph.
The datasource emits both vulnerabilities (per-asset findings) and vulnerability_definitions (CVE metadata) outputs.
Actions
Section titled “Actions”Currently no actions are supported for this integration.
Troubleshooting
Section titled “Troubleshooting”- Make sure the Furl agent is installed and reporting software inventory. Without inventory data, the scanner has nothing to match against.
- Vulnerability matches depend on accurate software vendor, product, and version metadata in NVD’s CPE dictionary. Some non-mainstream packages may match imperfectly.
- The reference NVD dataset is updated by Furl on a recurring schedule; new CVEs typically appear within 24 hours of NVD publication.