Contact Us

How the CMDB supports Vulnerability Management

A Configuration Management Database (CMDB) can support Vulnerability Management by providing context — not just when issues arise, but also to prevent them. It helps you understand how assets are connected, what services they support, and who’s responsible.

Talk to our Sales team

Connect with an expert to see how InvGate can help you.

Talk to Sales

In InvGate Asset Management, we use Business Applications (BAs) to group related assets into service views. This helps visualize risk, assess impact, and track vulnerable components. In this post, we’ll show you how to support your Vulnerability Management efforts by:

  1. Creating Business Applications to visualize your risk surface.
  2. Inspecting asset profiles to assess exposure and ownership.
  3. Building dashboards to track vulnerability-related metrics.

#1. Create Business Applications to visualize your risk surface

Business Applications in InvGate Asset Management let you group related configuration items (CIs) into visual structures that reflect your real services. This helps you simulate risk, understand dependencies, and plan ahead – before vulnerabilities hit.

For instance, you might group all the components that store and process customer data (like a web server, database, and backup storage) into a single Business Application. That way, you can quickly assess exposure and prioritize remediation when a vulnerability surfaces.

Step 1: Create a Business Application

  1. Click the green “+” button in the top-right corner to add CIs.
  2. Click Business Application and fill in the required fields:
    1. Name: “Customer Data Services”.
    2. Owner: Search for the person responsible for this group of assets.
    3. Location: Select the corresponding location.
    4. Tags: Optionally add tags like “Sensitive Data” or “High Risk”.
  3. Click Save to create the Business Application.

Step 2: Add configuration items

  1. Go to the diagram section and click the “+” button in the bottom-right corner to add CIs.
  2. Search for the relevant assets (for instance, a web server, a customer database, and a backup storage system).
  3. Click Add to include them in your Business Application.

Note: There’s no limit to how many CIs you can include. Whether you’re mapping a single app or a full production environment, the goal is to capture everything that could be vulnerable.

Step 3: Link the configuration items

  1. Once your CIs are in place, it’s time to define how they interact. Click any CI and set the following:
    1. Relationship type (e.g., Connected To, Consumes, Contains, etc.).
    2. The related assets.
    3. Criticality level (Low, Medium, or High).
  2. Click the Save icon to confirm each link.

This helps you understand how vulnerabilities in one component might ripple through the service – and which assets are most critical to protect.

#2. Inspect configuration items to assess exposure and ownership

Once your BAs are set up, you can use the CMDB to inspect individual assets and understand how vulnerable they are, who owns them, and where they fit in your infrastructure.

To inspect a CI:

  1. Go to CMDB.
  2. Click your chosen Business Application.
  3. From the diagram or list, select the asset you want to analyze.

You’ll access the full CI profile, which will vary depending on the asset type – but all the information is valuable to assess its specific vulnerability. Each detail helps you understand the asset’s role in your infrastructure and prioritize remediation accordingly.