Supported Security Tools
| Tool | What It Provides |
|---|---|
| Snyk | Open source dependency vulnerabilities, container image scans, code security issues |
| Wiz | Cloud security posture, misconfigurations, vulnerability findings across cloud workloads |
| Qualys Cloud Platform | Network and web application vulnerability assessments |
| Tenable | Vulnerability management findings across infrastructure |
| AWS Inspector | EC2 and container vulnerability findings |
| Intruder | External vulnerability scanning |
| Probely | Web application security scanning |
| Astra Security | Web application penetration testing |
| Halo Security | Penetration testing and vulnerability assessment |
Evidence and Tests by Tool Type
Vulnerability Scanners (Snyk, Wiz, Qualys)
Evidence collected:
- Open vulnerability findings with severity, affected component, and remediation guidance
- Scan history and frequency records
- Vulnerability aging reports (time to remediation)
- Suppressed or accepted-risk findings with justification
Tests evaluated:
- No critical vulnerabilities older than 30 days
- Vulnerability scanning runs at least weekly
- All production applications are included in scan scope
- Mean time to remediation meets SLA thresholds
Endpoint Protection (CrowdStrike, SentinelOne)
Evidence collected:
- Device inventory with protection agent status
- Threat detection events and response actions
- Policy compliance per device (encryption, OS updates, agent version)
- Unprotected device list
Tests evaluated:
- All company devices have the endpoint protection agent installed
- Endpoint agent is up to date on all devices
- No unresolved critical threat detections
- Device encryption is enabled on all endpoints
SIEM / Monitoring (Splunk, Datadog)
Evidence collected:
- Log collection configuration and coverage
- Alert rules and notification channels
- Incident detection and response timeline evidence
- Uptime and availability metrics
Tests evaluated:
- Security logging is enabled for all critical systems
- Log retention meets minimum requirements (typically 90+ days)
- Alert rules exist for critical security events
- Monitoring covers all production infrastructure
Code Security (GitHub, GitLab, Semgrep)
Evidence collected:
- Branch protection rule configurations
- Code review approval requirements
- Dependency vulnerability alerts
- Static analysis findings
Tests evaluated:
- Branch protection is enabled on main/production branches
- Pull requests require at least one approval before merge
- Dependency vulnerability alerts are enabled
- No critical static analysis findings in production code
Framework Control Mapping
| Framework | Controls Addressed by Security Tools |
|---|---|
| ISO 27001 | A.12.6 (Vulnerability management), A.12.4 (Logging), A.14.2 (Secure development) |
| SOC 2 | CC7.1 (Monitoring), CC7.2 (Anomaly detection), CC8.1 (Change management) |
| HIPAA | 164.308(a)(5) (Security awareness), 164.312(b) (Audit controls) |
| GDPR | Article 32 (Security measures), Article 33 (Breach notification readiness) |
| PCI-DSS | Req 5 (Malware protection), Req 6 (Secure development), Req 11 (Testing) |
Vulnerability Data Flow
1. Integration syncs findings. The security tool integration fetches the latest vulnerability or threat findings from the connected tool.
2. Findings are categorized. Each finding is assigned a severity level (critical, high, medium, low, informational) and mapped to affected assets.
3. Assets are updated. The asset inventory in LowerPlane is updated with vulnerability counts and severity breakdowns.
4. Tests are evaluated. Automated compliance tests check whether findings meet your organization’s SLA thresholds and policy requirements.
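The following is an added illustration of steps 2 to 4 of this flow and of the vulnerability-scanner tests listed above; it is not LowerPlane's code. The normalized finding shape, the scan dates, the production asset list and the SLA values (30-day critical age, 14-day MTTR) are constructed assumptions, since each tool integration returns its own format.

```python
from collections import Counter
from datetime import date

# Constructed sample data in a hypothetical normalized shape (assumption).
TODAY = date(2024, 6, 30)
FINDINGS = [
    {"id": "f1", "asset": "api-gateway", "severity": "critical", "opened": date(2024, 5, 1), "closed": None},
    {"id": "f2", "asset": "api-gateway", "severity": "high", "opened": date(2024, 6, 20), "closed": None},
    {"id": "f3", "asset": "billing-svc", "severity": "critical", "opened": date(2024, 6, 10), "closed": date(2024, 6, 18)},
    {"id": "f4", "asset": "billing-svc", "severity": "medium", "opened": date(2024, 6, 25), "closed": None},
    {"id": "f5", "asset": "web-frontend", "severity": "critical", "opened": date(2024, 6, 5), "closed": None},
]
SCAN_DATES = [date(2024, 6, 3), date(2024, 6, 10), date(2024, 6, 17), date(2024, 6, 24), date(2024, 6, 29)]
SCAN_SCOPE = {"api-gateway", "billing-svc", "web-frontend"}          # assets the scanner covers
PROD_ASSETS = {"api-gateway", "billing-svc", "web-frontend", "auth-svc"}  # production inventory


def asset_breakdown(findings):
    """Step 3: per-asset counts of open findings, broken down by severity."""
    out = {}
    for f in findings:
        if f["closed"] is None:
            out.setdefault(f["asset"], Counter())[f["severity"]] += 1
    return out


def run_tests(findings, scan_dates, scope, prod_assets, today=TODAY,
              max_critical_age=30, mttr_sla_days=14):
    """Step 4: evaluate the four vulnerability-scanner tests against the findings."""
    open_crit = [f for f in findings if f["severity"] == "critical" and f["closed"] is None]
    oldest_crit_age = max(((today - f["opened"]).days for f in open_crit), default=0)
    # Weekly scanning: no gap between consecutive scans, nor since the last scan, exceeds 7 days.
    gaps = [(b - a).days for a, b in zip(scan_dates, scan_dates[1:])] + [(today - scan_dates[-1]).days]
    closed = [f for f in findings if f["closed"] is not None]
    mttr = sum((f["closed"] - f["opened"]).days for f in closed) / len(closed) if closed else 0.0
    return {
        "no_critical_older_than_30d": oldest_crit_age <= max_critical_age,
        "scans_at_least_weekly": max(gaps) <= 7,
        "all_prod_in_scan_scope": prod_assets <= scope,
        "mttr_within_sla": mttr <= mttr_sla_days,
        "oldest_open_critical_days": oldest_crit_age,
        "assets_out_of_scope": sorted(prod_assets - scope),
        "mttr_days": mttr,
    }


if __name__ == "__main__":
    print(asset_breakdown(FINDINGS))
    print(run_tests(FINDINGS, SCAN_DATES, SCAN_SCOPE, PROD_ASSETS))
```

With this sample, the 60-day-old critical finding on api-gateway and the unscanned auth-svc host cause two of the four tests to fail, which is the kind of result the platform surfaces as evidence against the mapped controls.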