Dual Audit Trails: Security Events vs Activity Logs
Why split audit into two trails? Learn how synchronous security events and batched activity logs work together for audit-ready evidence.
PMAP field notes
Field notes on running vulnerability management
Practical writeups on scan orchestration, finding correlation and remediation lifecycle, published by the practitioners who run vulnerability management on the platform, not by a marketing desk.
- Practitioner-authored
- Multi-vendor grounded
- Triage to closure
All vulnerability management notes
-
-
SLA Deadline Recalculation Explained
How does an SLA deadline shift when severity changes or a finding is paused? Walk the recalculation formula and precedence chain in PMAP.
-
Why Four-Eyes Approval Belongs in Vulnerability Workflows
What is the four-eyes principle and why does it matter for vulnerability changes? Learn the control and how PMAP gates sensitive actions.
-
Tenant Hierarchy and Six-Branch Owner Resolution
How does a platform pick the right owner across a holding and its subsidiaries? Walk the six-branch resolution chain inside PMAP.
-
The 10×6 Permission Matrix Behind Real RBAC
See how a permission matrix maps 10 entity types to 6 actions for granular RBAC. Learn the anatomy of scoped role design in PMAP.
-
CVSS, CWE and CVE Explained for Practitioners
Confused by CVE, CWE and CVSS? Learn what each one means, how they differ and how they read together on a vulnerability template.
-
A Practical Guide to MITRE ATT&CK Mapping in Vulnerability Management
A methodology for mapping vulnerabilities to MITRE ATT&CK techniques and tactics. Learn the workflow, then see how PMAP tags findings.
-
How a Correlation and Deduplication Engine Works
Learn how a correlation engine deduplicates scanner results with reference keys and SHA-1 fingerprints. See the 4-case pipeline inside PMAP.
-
Durable Workflow Engines for Security Automation
How do security automations survive restarts and wait days for a signal? Learn durable workflow engines and how PMAP runs durable runbooks.
