Introducing Wazuh SCA & Vulnerability Overview Dashboards in CoPilot

We’re excited to share two brand-new features now available inside CoPilot: the Security Configuration Assessment (SCA) Overview and the Vulnerability Overview.

Both are designed to give you faster insights into your overall security posture — not just at the agent level, but across all of your clients from a single dashboard. Our goal remains the same: to make CoPilot your one-stop shop for open-source security operations.

Why We Built These Overview Pages

Traditionally, you could drill down into Wazuh to review SCA scans and vulnerabilities per agent. That functionality isn’t going anywhere. But what was missing was a big-picture view.

With these new overview pages, you can:

• Quickly identify your most and least secure clients
• Filter by customer, endpoint, or compliance score
• Prioritize which systems need attention first

This makes it far easier to get a lay of the land before diving into the details.

🔎 SCA Overview: Compliance at a Glance

The SCA Overview centralizes results from your Security Configuration Assessments across all clients.

Highlights include:

• A scorecard showing your most compliant and least compliant endpoints.
• Visibility into both application-level scans (e.g., IIS benchmarks) and OS-level scans.
• Metadata such as pass/fail/invalid checks per scan, plus the endpoints they were run against.
• Filter options to zoom in on a specific customer, or even stack filters (e.g., show only systems scoring below 60).

This means instead of jumping between agents, you can now assess compliance across your entire footprint in just a few clicks.

🛡 Vulnerability Overview: Real-Time Risk Prioritization

The Vulnerability Overview works in a similar way but focuses on vulnerabilities collected by the Wazuh Manager.

Key benefits:

• Real-time snapshot: Wazuh stores vulnerabilities in its indexer. Once patched, they’re automatically removed, so the dashboard always reflects the current state.
• Integrated EPSS scoring: Vulnerabilities are sorted by Exploit Prediction Scoring System (EPSS), helping you determine which issues to address first.
• Smarter prioritization: Sometimes a “High” CVE can be more urgent than a “Critical” one. For example, Git with a lower CVSS rating may rank higher than Node.js if its EPSS score indicates a higher likelihood of exploitation.

This approach ensures your team focuses on the vulnerabilities that truly matter most.

How This Helps Your SOC

By combining these dashboards, SOC analysts can:

• See the forest and the trees: start broad, then drill down.
• Save time: spot insecure clients instantly without digging through dozens of agents.
• Prioritize smartly: act on the most exploitable risks instead of just chasing critical labels.

All of this is available right inside CoPilot, seamlessly integrated with Wazuh.

📢 We Want Your Ideas

We built these features with the community in mind, but we know there’s always room to improve.

👉 If you’ve got a feature request or something you’d love to see in CoPilot, open a feature request in our GitHub repo. We’re always interested in ideas that make sense for the community.

Need Help?

The functionality discussed in this post, and so much more, are available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html