# Vulnerability & Security Monitors Vulnerability and security monitors in Sprinto help organisations track how identified weaknesses are remediated and how ongoing security assessments are performed. These monitors cover VAPT (Vulnerability Assessment and Penetration Testing), patching timelines, and SLA-driven remediation requirements. They ensure that discovered issues are resolved promptly, evidence is available for audits, and recurring testing is properly documented. By enabling these monitors, Sprinto continuously validates that vulnerabilities are addressed within defined timelines and that evidence of periodic assessments is captured. *** ### What Sprinto Monitors Sprinto checks for: * **Vulnerability Remediation SLA**\ Ensures vulnerabilities are resolved within the organisation’s defined SLA (e.g., critical issues patched within 30 days). * **VAPT Findings Resolution**\ Tracks whether identified vulnerabilities from penetration tests or scans are remediated with supporting evidence. * **Periodic VAPT Reports**\ Ensures that vulnerability assessment and penetration test (VAPT) reports are uploaded at regular intervals (e.g., quarterly, annually). * **Device Security Checks (Extended)**\ Confirms that staff devices have required protections, such as antivirus and screen lock policies, when linked to vulnerability management evidence. *** ### Benefits * **Reduced Security Risk** – Ensures vulnerabilities are addressed before they can be exploited. * **Audit-Ready Evidence** – Provides clear proof of remediation activities and periodic assessments. * **Improved Governance** – Enforces SLA-based remediation policies across teams. * **Continuous Monitoring** – Extends coverage to staff devices, reducing the chance of overlooked security gaps. *** ### Supported Inputs Sprinto collects vulnerability and assessment data from: * VAPT Reports (manual uploads) * Security tool integrations (e.g., antivirus detection, device monitors) * Remediation evidence uploaded directly in Sprinto *** ### Next Steps * Configure your organisation’s SLA for vulnerability remediation. * Upload the latest VAPT report to Sprinto. * Ensure that remediation evidence is provided for each identified finding. * Review failing monitors and assign tasks to responsible teams. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sprinto.com/monitors/vulnerability-and-security-monitors.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.