UVM 1.0 Release Notes
Release date: May 2026
UVM 1.0 introduces JupiterOne's Unified Vulnerability Management product. You can now take raw findings from every scanner you run, deduplicate and prioritize them on the graph, and route remediation cases to the teams that own the affected assets.
What is new
| Feature | What it means for you |
|---|---|
| The prioritization funnel | A four-stage workflow — Vulnerabilities → Unified → Prioritized → Plans — visible as a live Sankey diagram on every UVM page |
| Vulnerability unification | One row per CVE per asset, deduplicated across every configured scanner, with full source attribution |
| EPSS and KEV enrichment | Exploitation probability from FIRST.org and CISA's Known Exploited Vulnerabilities catalog on every CVE |
| Configurable risk scoring | A transparent composite score combining CVSS, EPSS, crown jewel status, and public exposure — weights you own |
| CPE-based remediation plans | Prioritized vulnerabilities grouped by common fix, so teams act on a short list of plans instead of thousands of CVEs |
| AI-generated plan content | Every plan ships with an AI-written remediation summary and step-by-step fix instructions |
| Ownership-based case routing | Cases route to owning teams in Jira through Hierarchical Resource Groups |
| AI Assistant | Sort, filter, and navigate UVM views in natural language |
Supported scanner integrations
UVM 1.0 ships with first-class support for CrowdStrike Falcon, Qualys VMDR, SentinelOne, Tenable.io, and Wiz. SBOM-sourced findings are also recognized.
Getting started
- Confirm at least one supported scanner integration is configured and syncing
- Tag your business-critical assets with
tag.crownJewel - Open Vulnerabilities in the navigation and review the default risk configuration
- Open the Plans tab and create cases for the top remediation plans
- Confirm cases arrive in the correct Jira projects
For full feature documentation, see Unified Vulnerability Management.