What is the Watchlist
The watchlist is a personal CVE tracking list that operates independently from your environments. Use it to monitor specific CVEs that matter to your research, planning, or awareness, even if those CVEs do not currently match any asset in your environment.
When to Use the Watchlist
The watchlist serves a different purpose than environment-based finding matching:
Research and awareness: You read about a new Siemens vulnerability in an industry advisory. You do not have Siemens devices in your environment yet, but you are planning a deployment. Add the CVE to your watchlist to track exploitation developments.
Vendor evaluation: You are evaluating a new vendor for your next project. Add CVEs affecting that vendor's products to your watchlist to understand their security track record over time.
CVE class monitoring: You are interested in authentication bypass vulnerabilities in industrial protocols. Search for relevant CVEs and add the most significant ones to your watchlist.
Pre-deployment tracking: You know you will be adding certain device types to your environment next quarter. Watch CVEs affecting those devices now so you are prepared when they go live.
Exploitation intelligence: You want to know immediately when a specific CVE gets a public exploit, an EPSS spike, or a KEV catalog addition. The watchlist alerts you to these changes.
Watchlist vs Environment Matching
| Feature | Watchlist | Environment Matching |
|---|---|---|
| How CVEs are added | You manually choose specific CVEs | Automatic matching by asset vendor/product/version |
| Scope | Any CVE in the corpus | Only CVEs matching your declared assets |
| Purpose | Research, tracking, planning | Operational triage and remediation |
| Alerts | Yes -- on new exploitation data | Yes -- on new matches to your assets |
| SAGE analysis | Yes (tier dependent) | Yes (tier dependent) |
| Appears in reports | No | Yes |
| Appears in compliance evidence | No | Yes |
| Requires assets | No | Yes |
The right approach for most operators: Set up environments with assets for your operational triage and compliance documentation. Use the watchlist for research, vendor evaluation, industry awareness, and tracking CVEs before they affect your specific environment.
Both generate alerts. They are complementary tools serving different purposes.
Viewing Your Watchlist
Navigate to Watchlist in the left sidebar. Your watched CVEs are listed with:
- CVE ID and BSID
- Current CVSS, EPSS, and BCS scores
- KEV status
- Exploit maturity
- Date you added the CVE to your watchlist
- Date of the most recent intelligence update for this CVE
Click any CVE to open the full detail page. Click the bookmark icon again to remove it from your watchlist.
Watchlist Limits
There is no hard limit on watchlist size, but the platform is optimized for focused tracking. A watchlist of 10-50 carefully selected CVEs delivers clear, actionable alerts. A watchlist of 500+ CVEs may generate alert noise.
If you need broad, automated CVE monitoring, that is what environments and asset matching are for. The watchlist is for targeted, intentional tracking.