* [Blog](https://www2.paloaltonetworks.com/blog)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/category/cloud-security/)
* Analyze Vulnerabilities (...

# Analyze Vulnerabilities (CVEs) with Confidence

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fvulnerability-management-intelligence-stream%2F)  
[](https://twitter.com/share?text=Analyze+Vulnerabilities+%28CVEs%29+with+Confidence&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fvulnerability-management-intelligence-stream%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fvulnerability-management-intelligence-stream%2F&title=Analyze+Vulnerabilities+%28CVEs%29+with+Confidence&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/cloud-security/vulnerability-management-intelligence-stream/&ts=markdown)  
\[\](mailto:?subject=Analyze Vulnerabilities (CVEs) with Confidence)  
Link copied  
By [RD Singh](https://www.paloaltonetworks.com/blog/author/rd-singh/?ts=markdown "Posts by RD Singh") and [Mohit Bhasin](https://www.paloaltonetworks.com/blog/author/mohit-bhasin/?ts=markdown "Posts by Mohit Bhasin")  
Aug 28, 2024  
4 minutes  
[Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)  
[Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)  
[CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown)  
[Vulnerability Management](https://www.paloaltonetworks.com/blog/cloud-security/category/vulnerability-management/?ts=markdown)

Common Vulnerabilities and Exposures (CVEs) are publicly disclosed security flaws that threat actors can exploit to gain unauthorized access to applications, systems or networks. In cloud environments, they're particularly concerning due to the complex and dynamic nature of cloud infrastructure. CVEs can persist in cloud-based applications, containers and operating systems until an organization actively identifies and remediates them.

For many organizations, a critical first step in securing cloud and [containerized](https://www.paloaltonetworks.com/cyberpedia/containerization) environments is to discover and patch CVEs before bad actors can exploit them.

Establishing a reliable [cloud vulnerability management](https://www.paloaltonetworks.com/cyberpedia/vulnerability-management) program is essential for timely risk identification and mitigation. But managing vulnerabilities at scale is an uphill battle. (That's why a few weeks ago we laid out some [vulnerability management best practices](https://www.paloaltonetworks.com/blog/prisma-cloud/managing-vulnerabilities-part-one/)!)

A good metric to determine the accuracy of a vulnerability scan is to count the number of false positives and false negatives. Fewer false positives and false negatives indicate a more accurate scan.

* False positive (FP): When a scan result indicates a program and library is vulnerable to a CVE, but it's not. FPs can lead to wasted resources as security teams investigate and address issues that aren't actual threats.
* False negative (FN): When a scan result doesn't indicate the software is vulnerable, and it is. This oversight can leave vulnerabilities unaddressed, posing a risk to security.

## Intelligence Stream

The Prisma Cloud Intelligence Stream is a real-time feed that aggregates vulnerability data and threat intelligence from certified sources like vulnerability databases, vendor feeds and commercial providers. It includes both official feed data and additional insights from a dedicated research team that tracks and identifies new and quietly patched vulnerabilities. The stream automatically updates multiple times daily.

Aggregating data from more than 30 upstream providers, the Intelligence Stream combines open-source feeds, private threat intelligence and commercial sources to deliver the most accurate and comprehensive CVE data. By incorporating diverse data sources, further refining vulnerability accuracy, it significantly reduces the occurrence of false positives and negatives. This approach enables organizations to maintain a secure cloud environment with greater confidence.

## National Vulnerability Database

The [National Vulnerability Database (NVD)](https://nvd.nist.gov/) provides a comprehensive repository of standardized vulnerability information, including detailed descriptions and severity ratings. It offers a searchable database of known vulnerabilities and associated security metrics, helping organizations assess and manage risks. The NVD supports the cybersecurity community by providing up-to-date information for threat analysis and vulnerability management.

Many vendors use the NVD as their source data for detecting vulnerabilities. As discussed, this can generate many false positives and false negatives because the data lacks context into other risk factors associated with the application's vulnerabilities. Because vulnerabilities don't always affect operating systems similarly, what may be a critical vulnerability for Ubuntu may not affect Debian, for example.

## Identifying FP and FN with Prisma Cloud

To determine if a vulnerability is a false positive or false negative using Prisma Cloud:

1. Start with a single CVE.
2. Determine the operating system of the container image or host operating system.
3. Validate the CVE with the vendor's official security site.
   1. Is this operating system affected by this CVE?
   2. Which versions of the packages are vulnerable to this operating system?
4. Determine which version of the library was found using the Package Info tab.
5. Ensure that Prisma Cloud's CVE Viewer shows the same vulnerable versions as the vendor.
6. Determine if it's a false positive or false negative.

**Example**

1. Navigate to Monitor -\> Vulnerabilities -\> Vulnerability Explorer

2. Search for a CVE and click on the displayed result.
   ![Vulnerability Explorer CVE search](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/08/figure-1-png.png)
   Figure 1: Vulnerability Explorer CVE search

3. Select the image.
   ![CVE details](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/08/figure-2-png.png)
   Figure 2: CVE details

4. Navigate to the Package Info tab and search for library, libssh2.
   ![Image packages](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/08/figure-3-png.png)
   Figure 3: Image packages

5. Ensure that Prisma Cloud's CVE Viewer shows the same vulnerable versions as the vendor.

6. Navigate to Monitor -\> Vulnerabilities -\> CVE Viewer

7. Search for the CVE ID. In this case, the CVE is associated with an Amazon package (Ref: [CVE-2020-22218](https://alas.aws.amazon.com/cve/html/CVE-2020-22218.html)).
   ![CVE viewer](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/08/figure-4-png.png)
   Figure 4: CVE viewer

8. Compare the OS and package information with the vendor CVE. Everything should match on established CVEs. New CVEs not fully characterized may show a mismatch, as the vendor research is incomplete.

## Learn More

For detailed guidance on optimizing vulnerability detection and management with Prisma Cloud, explore the [Intelligence Stream Documentation](https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/intelligence-stream). If you'd like to learn more about what Prisma Cloud can do, [book a personalized demo](https://www.paloaltonetworks.com/prisma/cloud/request-a-prisma-cloud-demo).

*** ** * ** ***

## Related Blogs

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [KSPM](https://www.paloaltonetworks.com/blog/cloud-security/category/kspm/?ts=markdown)

[#### Anatomy of a Kubernetes Attack: How Cortex Cloud Provides End-to-End Protection](https://www2.paloaltonetworks.com/blog/cloud-security/kubernetes-attack-detection-response/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Vulnerability Management](https://www.paloaltonetworks.com/blog/cloud-security/category/vulnerability-management/?ts=markdown)

[#### Code to Cloud Security: July Prisma Cloud Updates Overview](https://www2.paloaltonetworks.com/blog/cloud-security/cnapp-product-updates-july/)

### [Announcement](https://www.paloaltonetworks.com/blog/cloud-security/category/announcement/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Code to Cloud to SOC](https://www.paloaltonetworks.com/blog/cloud-security/category/code-to-cloud-to-soc/?ts=markdown)

[#### Introducing Cortex Cloud 2.0: Smarter Cloud Security for an AI-Driven World](https://www2.paloaltonetworks.com/blog/cloud-security/cloud-security-platform-cortex-cloud-2-0/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Cloud-Native Application Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-application-protection-platform/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown)

[#### How Auto-Remediation Shifts the Odds in Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/auto-remediation-cnapp/)

### [Cloud Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-detection-and-response/?ts=markdown), [Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Cloud Workload Protection](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown)

[#### Taking Cloud Security from Visibility to Prevention with eBPF](https://www2.paloaltonetworks.com/blog/cloud-security/ebpf-cloud-security-real-time-protection/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Code to Cloud](https://www.paloaltonetworks.com/blog/cloud-security/category/code-to-cloud/?ts=markdown)

[#### Overcoming Cloud Security Consolidation Challenges](https://www2.paloaltonetworks.com/blog/cloud-security/cloud-security-consolidation-challenges/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language