Security RX for Infrastructure

Security RX for Infrastructure helps you identify, prioritize, and remediate vulnerabilities in your infrastructure hosts, operating systems, and installed packages. Monitor security across your entire infrastructure fleet or drill down into specific hosts to understand their security posture.

What you can do

With Security RX for Infrastructure, you can:

Detect vulnerabilities in OS distributions and installed packages automatically through Infrastructure agents
Track package versions and identify outdated components across your fleet
Monitor host-level security with entity-scoped views
Manage infrastructure security organization-wide with comprehensive dashboards
View upgrade recommendations for vulnerable packages and distributions

How to get started

Before using Security RX for Infrastructure, make sure you have:

Set up prerequisites and user roles - Ensure you have the required permissions
Installed the Infrastructure agent - Deploy agents to your hosts
Verified your OS is supported - Check the list of supported Linux distributions below

Choose your workflow

Security RX provides two complementary views for managing infrastructure vulnerabilities:

Organization view: Manage all infrastructure

Best for security teams, DevSecOps, and platform engineers who need to:

Calculate the vulnerability surface area across all hosts
Identify which hosts and packages pose the highest risk
Track OS distributions and package versions in use
Monitor security hygiene metrics infrastructure-wide

→ Manage infrastructure vulnerabilities

Entity view: Monitor specific hosts

Best for site reliability engineers, system administrators, and infrastructure teams who need to:

Monitor vulnerabilities in specific hosts
Track package vulnerabilities and available upgrades
View security summaries for individual infrastructure entities
Integrate security tasks into infrastructure maintenance workflows

→ Monitor host-level security

Supported operating systems

Security RX for Infrastructure supports the following Linux distributions:

OS Distribution	Package Manager	Detection Coverage
Debian	DPKG	Installed packages
Ubuntu	DPKG	Installed packages
Amazon Linux	RPM	Installed packages
CentOS	RPM	Installed packages
RHEL & Oracle Linux	RPM	Installed packages
SLES	RPM	Installed packages

For complete requirements and setup instructions, see Infrastructure agent integration.

Data sources

Security RX for Infrastructure collects vulnerability data from:

Infrastructure agents - Automatic detection of vulnerabilities in OS packages and distributions
Package inventory - Real-time tracking of installed packages and versions
CVE databases - Continuous monitoring of known vulnerabilities affecting your OS distributions

Learn more about configuring the Infrastructure agent.

Key differences from application security

Infrastructure vulnerability management focuses on:

Operating system vulnerabilities - CVEs in the OS itself
System packages - Vulnerabilities in installed system-level packages
Package managers - RPM and DPKG managed components
Host-level security - Security posture of individual servers and containers

This complements Security RX for Applications, which focuses on application-level dependencies and libraries.

What's next?

Manage infrastructure vulnerabilities

View vulnerability surface area across all hosts

Monitor host security

Track vulnerabilities in a specific host

Set up alerts

Get notified when new vulnerabilities are detected

Manage vulnerability status

Change status to Ignored, Affected, or Fixed

What you can do.css-21sua1{background:none;border:none;width:0;padding:0;}