›Why asset vulnerability management needs a structured workflow
Unpatched vulnerabilities are exploited within 15 days of CVE publication — attackers scan for known CVEs the moment they are disclosed, while mid-market teams juggle thousands of CVEs per month with no clear priority. Automated patch prioritization closes this 15-day window before exploitation happens.
Without a structured workflow, vulnerability data lives in a scanner PDF nobody reads, patching is handled case-by-case at the service desk, and compliance reports are assembled manually under deadline pressure.
Utilyx models vulnerability management as an executable decision tree — CVE scan, asset correlation, CVSS prioritization, patch deployment, verification and audit-ready reporting.
›The automated vulnerability management workflow
The workflow is structured as a decision tree with 5 main branches (Scan, Correlation, Prioritization, Patch Deployment, Verification) running on a scheduled cadence (daily or on new CVE feed), with parallel deployment sub-branches and 9 steps end-to-end. Every step is executed by a named actor (Discovery Agent, AI Copilot, Security, IT Operations) and every action is appended to the timeline_vulnerability audit subtable.
- Step 1 (Start — CVE scan — sql-query): the workflow runs vulnerability scans on enrolled assets and ingests CVE feeds, mapping each CVE to affected software versions via sql-query into the cve_finding table with fields cve_id, cve_score, affected_title, affected_version, asset_id, exposure (internet_facing / internal).
- Step 2 (Asset correlation — sql-query): the Copilot correlates each CVE against the asset inventory via sql-query — which installed titles, which versions, which assets are exposed — writing the precise blast radius to the asset_exposure table with fields cve_id, asset_id, asset_criticality, exposure.
- Step 3 (Risk prioritization — AI Copilot): the Copilot scores each finding by CVSS combined with asset criticality and exposure, producing a prioritized remediation queue. The tree splits — Branch A (CVSS ≥ 7.0 or internet_facing = true): critical, deploy within 7 days; Branch B (CVSS 4.0-6.9, internal): high, deploy within 30 days; Branch C (CVSS < 4.0): low, batch in next maintenance window.
- Step 4 (Patch deployment — IT Operations): patches are packaged, tested in a pilot group, then deployed to affected assets in waves via the patch_deployment table with fields cve_id, patch_id, wave, asset_id, status, deployed_at — tracked to completion with rollback on failure.
- Step 5 (Email notification — email): the Copilot sends an email to security and IT operations with the prioritized queue and deployment schedule, flagging any critical (Branch A) finding past the 7-day SLA as breached.
- Step 6 (Verification — sql-query): post-deployment scans confirm via sql-query that the CVE is remediated on each asset. Sub-branch: any residual exposure triggers a new remediation cycle back to Step 4.
- Step 7 (usePDF compliance report): usePDF generates a vulnerability compliance report — findings, patches, verification status — for auditors and regulators, in 7 languages.
- Step 8 (useArchive): useArchive retains every scan, patch record and verification in a tamper-evident audit trail with index fields cve_id, asset_id, cvss_score, patch_status, scan_date.
- Step 9 (Dashboard): a live dashboard renders open findings by CVSS, exposure and SLA status — refreshed in real time from the cve_finding table.
›Concrete benefits
Teams deploying Utilyx close the 15-day exploitation window on critical CVEs (mean-time-to-patch cut by 70% via prioritized queue and automated deployment), achieve 100% compliance reporting on demand, and pass security audits without manual assembly.
The no-code designer and AI copilot let a security or IT manager build the vulnerability workflow in one session — no security consultants, at 70% lower TCO than legacy vulnerability management platforms. The 7-day SLA on critical findings is tracked automatically, so nothing slips into the exploitation window.
›The workflow in real time
Every node is executable, every branch is testable. Visualize the actual flow of your data while you design.
Frequently asked questions
Does the workflow use CVSS for prioritization?
Yes. The copilot scores each finding by CVSS combined with asset criticality and exposure (internet-facing vs internal), producing a prioritized remediation queue.
Can the workflow verify that a patch worked?
Yes. Post-deployment scans confirm the CVE is remediated; any residual exposure automatically triggers a new remediation cycle.
Can I generate a compliance report for auditors?
Yes. usePDF generates a vulnerability compliance report covering findings, patches and verification in any of the 7 supported languages, with every record archived via useArchive.
Ready to automate your processes?
Utilyx lets you design, automate and orchestrate your workflows visually — with an AI copilot, OCR, PDF generation and legal archiving. Start in minutes, not weeks.
