Security events provide a centralized feed of external breaches, zero-day exploits, and emerging threats that may impact your supply chain.
Security incidents often surface first in fragmented sources such as news coverage, breach reporting, and hacker forums. By the time teams manually connect those signals to vendors, products, or vulnerabilities, valuable response time can be lost.
By mapping fragmented signals, such as hacker forums and news reports, directly to your existing vendors and findings data, the platform lets you quickly assess potential impact and decide whether further investigation is needed.
Navigating the feed
The Security events page is designed as a feed of active events, helping teams quickly scan for new developments and focus on events that may require attention.
Each event can include one or more sources. Information extracted from these sources is then mapped to existing SecurityScorecard data using signals such as:
- Company names mapped to vendors
- CVEs mapped to findings
- Products mapped to organizations or product detections
Each event card summarizes the "who, what, and when" of a potential threat:
- Priority indicators
Use event tags to distinguish between confirmed incidents and unverified chatter.
  - If a breach is confirmed, you will see a Compromise tag with a Breach subtype.
  - If the breach is alleged, you will see a Threat tag with a Hacker Chatter subtype.
- Event status
The status badge indicates the current state of the event: Active means the event is ongoing, Investigating means it is under review, and Closed means it has been resolved.
- Impact summary
The "Impact" row displays the logos of vendors in your portfolio mapped to the event, showing up to three logos with an overflow count for additional vendors, and a total count of all affected vendors. It also shows the number of confirmed impacted individuals (red triangle) and potentially affected individuals (circle).
Investigate a security event
Selecting an event from the Security events feed opens the event details page, where you can review the available information and assess potential impact across your vendors.
The event details page consolidates the external reporting, mapped vendor relationships, and investigation progress in one place.
Key sections include:
- Description
A summary of the event based on the available sources, including details about the vulnerability, attack, or breach being reported.
- Impact summary
Provides a portfolio-level view of how the event affects your vendors. It includes three subsections:
  - Vendor impact translation: The number of vendors with confirmed exposure (red triangle) and potential exposure (circle) linked to the event.
  - Response progress: A progress bar showing how many vendors have responded, have a pending response, or have not yet been contacted, along with the last activity date.
  - Impact result: A donut chart breaking down vendors by outcome (Not impacted, Impacted, and Potentially impacted).
- Timeline
A chronological view of when the event was first detected and when new sources or intelligence were added.
- Sources
The external articles, advisories, or intelligence sources used to identify and validate the event.
- Vendor impact table
A list of vendors potentially affected by the event, including:
  - The reasoning for why the vendor is linked to the event
  - The current investigation status
  - The outcome of the impact analysis
From this view, you can track investigation progress and determine whether the event requires escalation.