Coverage · Vulnerability Watch

Know the day a flaw hits the tech you actually run.

Tell us what your business runs — firewalls, website software, cloud providers — and we watch the major security feeds for you. When a newly-discovered flaw affects your gear, you get an email. Nothing for software you don't have.

Feeds we watch
5
Alerts for tech you don't run
0
One-time setup
5min

The problem

Your inbox doesn't need another 200-item security digest.

Most security feeds dump every alert on every subscriber. You skim the subject line, see nothing about the software you actually run, and archive it. A few weeks in, you tune them out entirely — and that's exactly when the one alert you needed slips past. Vulnerability Watch works the other way around: tell us what you run once, and you only hear from us when something actually affects it.

What we look at

Five trusted feeds in. The tech you run is the filter.

The feeds we watch

  • NVD

    The U.S. government's master database of known software flaws.

  • CISA KEV

    The government's shortlist of flaws attackers are actively exploiting right now.

  • Microsoft MSRC

    Microsoft's own advisories for Microsoft 365, Azure, Windows, and Office.

  • Fortinet PSIRT

    Fortinet's advisories for FortiGate firewalls and related gear.

  • Palo Alto

    Palo Alto Networks' advisories for their firewalls and VPN products.

What you tell us you run

  • Firewalls & network gear

    Fortinet, Palo Alto, SonicWall, Cisco, Sophos, Check Point, Ubiquiti, Citrix, VMware Horizon

  • Website & app software

    WordPress, Drupal, Magento, Shopify, WooCommerce, Jira, Confluence, GitLab, Jenkins, IIS, Apache, nginx, Node/Next

  • Cloud providers

    Azure, AWS, Google Cloud

  • Your web domains

    Your Microsoft-verified domains, plus any you add — we only ever check domains you own.

How it works

Tell us what you run, and we'll email you only when it's affected.

  1. 01

    Tell us what you run

    A one-time, five-minute checklist: pick your firewalls and network gear, your website and app software, your cloud providers, and add any web domains you care about.

  2. 02

    We check nightly

    Every night we pull the latest from five major security feeds (including the U.S. government's vulnerability database and its 'actively exploited' list) and re-check them against what you told us you run.

  3. 03

    We email you

    When something new affects your gear, you get an email — instantly, or as a daily or weekly digest, your choice. We only ever check web domains you own.

Sample notification

What lands in your inbox.

One email per match: how urgent it is, a flag when it's already being exploited in the wild, a severity score, a plain description, and a link to the full details in Tenant Strike.

Immediate urgency · new match

Tenant Strike Vulnerability Watch

CVE-2024-3094 affects software you run

A widely-used Linux component (xz-utils) was found to contain a hidden backdoor that could hand an attacker full control of affected servers. If you auto-update Linux systems, patch to version 5.6.2 right away, or roll back to a known-good 5.4 release.

CISA KEVCVSS 10.0Source NIST NVD
Open in Tenant Strike →

You're receiving this because your tenant's Vulnerability Watch preferences match this advisory.

Related security note

Any web domain you add is checked against the domains Microsoft has verified you own. You can't accidentally — or deliberately — point Tenant Strike at a domain that isn't yours. Read more on the trust page →

One email when it matters. Zero when it doesn't.

Pro includes Vulnerability Watch — with no limit on what you track — alongside every Microsoft 365 and Azure check.