Awarely
AwarelyMonitor
01Cover
Commercial Offer

Awarely Monitor

CVE Monitoring for Security and NIS2-Related Workflows

Scheduled visibility into vulnerabilities from NVD, CISA KEV, EUVD, and GitHub — so you can prioritize fixes, strengthen reporting readiness, and reduce exposure.

monitor.awarely.ro

Multi-source

NVD + CISA KEV + EUVD + GitHub

EPSS + CVSS

Score by exploit probability

Export + API

Evidence for audits & reporting

02NIS2 Context

NIS2 raises the baseline for cyber resilience

  • Expands the scope to more sectors and essential services.
  • Requires risk management measures and incident reporting capabilities.
  • Romania transposed NIS2 through OUG 155/2024, approved by Law 124/2025 (Romanian law).

Awarely Monitor supports NIS2 readiness by improving vulnerability awareness. Compliance depends on your organization’s controls and processes.

NIS2 & Romania

Directive (EU) 2022/2555

Strengthens security measures across the EU.

Expands scope to essential and important entities.

Focus on reporting, risk management, and governance.

ENISA Guidance

ENISA

Awareness and training programs for staff.

Tools to run consistent, measurable campaigns.

Guides for communication and security culture.

04ENISA Guidance

Awareness is a control, not just a checklist item

  • ENISA provides guidance and tools for cybersecurity awareness programs.
  • We translate CVE noise into clear, actionable insights for leadership and operations.
  • Regular briefings and tailored alerts reinforce a security-first culture.
05Platform

Everything you need to track critical CVEs

Monitor, filter, and communicate what matters faster.

Scheduled CVE feed

Scheduled updates across public sources in one dashboard.

CISA KEV signals

Know which vulnerabilities are actively exploited in the wild.

Asset watchlist & filters

Build a personal watchlist for your tech stack — one click filters CVEs to only your watched products.

CVSS + EPSS scoring

Combine severity (CVSS) with exploitation probability (EPSS) to focus on what's actually being attacked.

Alerts & exports

Email, Slack, Teams & outbound webhook alerts. CSV and XLSX export for audit evidence and spreadsheet analysis.

Secure access

Role-based access, MFA, SSO, and API capabilities for enterprise workflows.

CVE status tracking

Mark CVEs as Acknowledged, Mitigated, or False Positive — keep your whole team aligned on remediation state.

SLA tracking & breach alerts

Automatic SLA timers per severity (CRITICAL 7d / HIGH 14d / MEDIUM 30d). Get alerted before and when you breach — with re-alerts every 7 days until resolved.

Team notes & collaboration

Annotate any CVE with internal notes — document why it was mitigated, add context, build a shared knowledge base.

Jira & Linear integration

One-click ticket creation directly from a CVE — pre-filled with severity, CVSS, EPSS, and affected products.

PDF reports — custom schedule

Schedule PDF reports for weekly or monthly delivery at your selected day, hour and timezone. Bring CVE, SLA and workflow context into leadership briefings and internal review.

NIS2 / ISO 27001 workflow report

On-demand audit PDF covering SLA performance, CVE remediation evidence, supply chain risk, and NIS2 Art. 21/23 + ISO 27001 A.12.6.1 references. One click in Settings → Reports.

Saved Views

Save any filter configuration plus active sort order as a named view — one click restores your exact working set for daily triage without reconfiguring anything.

Analytics dashboard

5 built-in charts: CVE trend (day/week/month), severity distribution, remediation progress, source breakdown, and top affected vendors.

Outbound webhook alerts

Push CVE alerts to any HTTPS endpoint with HMAC-SHA256 signature verification — integrate with PagerDuty, custom pipelines, or any internal system.

Bulk CVE status update & notes

Select multiple CVEs with checkboxes and update all their statuses or add the same note to all of them in one action — up to 50 CVEs per operation, a single audit event logged for full traceability.

CVE assignment & accountability

Assign any CVE to a specific team member from the detail panel or bulk-assign multiple CVEs at once. Assignee is visible in the list and included in CSV/XLSX exports — audit reports always show who owns what.

Interactive column sort

Click any column header — Severity, CVSS, EPSS, or Date — to sort the CVE list instantly. Click again to reverse. Always see the highest-risk items first.

Activity timeline & team feed

Each CVE shows a unified timeline of status changes and notes interleaved by time. Pro users also get a global recent-activity card on the Dashboard showing the last 10 team actions across all CVEs.

Assignee email notifications

Get notified automatically when a CVE is assigned to you, when a teammate changes its status, or when someone adds a note with remediation context — so you never miss an action on your CVEs.

Browser push notifications

CVE alerts delivered directly to your browser on desktop and mobile. Available when browser and platform permissions support it, with per-user controls in Settings.

Markdown notes

Write CVE notes with Markdown: bold, inline code, fenced code blocks, and bullet lists. A Write / Preview toggle lets you verify formatting before saving — perfect for documenting patch commands and workarounds.

Install as app (PWA)

Add Awarely Monitor to your home screen on iOS, Android, or desktop Chrome — no app store required. The app shell and static assets are cached for instant loads and basic offline access; CVE and dashboard data always load fresh from the network, so a connection is needed to see live data. Integrates with your OS notification system.

Public CVE pages — no login required

Published CVE records have shareable public URLs (monitor.awarely.ro/cve/CVE-YYYY-NNNNN) accessible without an account. Share directly with auditors, clients, or colleagues who don't have access — they see CVSS, EPSS, description, affected products, and the CISA KEV badge.

Audit trail with S3 Object Lock retention support

Audit events are stored in DynamoDB for fast UI queries, and the platform automatically attempts a secondary S3 copy with Object Lock in GOVERNANCE mode and 365-day retention. GOVERNANCE mode helps prevent accidental or unauthorised deletion or modification during the retention period, adding a retained secondary record for ISO 27001 A.8.15 and NIS2 Art. 21 documentation.

06Readiness Map

Mapping Awarely Monitor to NIS2 expectations

The platform supports core elements of NIS2 readiness.

Vulnerability management

Art. 21 §2(b)

Scheduled CVE visibility supports patch planning and prioritization.

Incident handling acceleration

Art. 23 §1

Faster triage helps meet reporting timelines and escalation needs.

Supply chain awareness

Art. 21 §2(c)

Monitor vendor-specific exposure across your technology stack.

Exportable evidence

Art. 21 §2(f) + Art. 23 §3

On-demand NIS2/ISO 27001 workflow PDF, SLA tracking, audit trail, and exports provide documentation of due diligence.

NIS2-related workflow coverage at a glance

Awarely Monitor supports exportable documentation for:

ArticleRequirementTier
Art. 21 §2(b)Vulnerability handling and disclosure
All plans
Art. 21 §2(c)Supply chain cyber risk management
All plans
Art. 21 §2(f)Risk-management effectiveness evidence
Pro
Art. 23 §1Early warning acceleration (24h)
Pro
Art. 23 §3Detailed notification documentation (72h)
Pro
OUG 155/2024 Art. 13Romanian vulnerability handling requirements
All plans
OUG 155/2024 Art. 15Romanian incident reporting requirements
Pro

Awarely Monitor supports documentation of these requirements. Full NIS2 compliance requires broader organizational controls.

07Workflow

Monitor. Prioritize. Act.

01

Monitor

Aggregate CVE data from trusted public sources on a scheduled six-hour cycle.

02

Prioritize

Use CVSS severity, EPSS exploit probability, and your asset watchlist to focus on what's actually being targeted.

03

Act

Notify teams, export reports, and track remediation workflows.

08Outcomes

Clear value for security and compliance teams

Clear results you can communicate to stakeholders.

Reduced time-to-triage

Surface critical vulnerabilities without drowning in noise.

Aligned reporting

Create consistent evidence for internal and external stakeholders.

Executive visibility

Concise updates for leadership, risk, and compliance owners.

09Pricing

Two clear plans for teams that need monitored vulnerability intelligence

Built for teams that want focused CVE monitoring and a clear follow-up workflow.

Pro 14-Day Free Trial

€0

14 days

A 14-day Pro trial path for new accounts.

  • Pro-level workflow access during the trial period
  • Email, Slack & Teams alerts, audit trail, evidence pack
  • API access + CSV export
Start 14-day trial

Starter

€59

/month

For small teams.

  • Shared team access
  • Critical-severity email alerts
  • CSV & XLSX export
  • Retention 90 days
  • Asset watchlist (personal product tracking)
  • CVSS + EPSS context where source data is available
  • CVE status tracking (Seen, Acknowledged, Mitigated, False Positive)
  • Bulk CVE status update & notes (up to 50 CVEs at once)
  • Team notes with Markdown + activity timeline per CVE
  • CVE assignment to team members
  • Browser push notifications
  • Saved Views & analytics dashboard
  • Install as app (PWA) — iOS, Android & desktop
  • No API access
Choose Starter

Pro

Recommended

€199

/month

For security teams.

  • Everything in Starter
  • Email, Slack, Teams and outbound webhook alerts for eligible Pro accounts
  • Retention 12 months
  • Audit trail + monthly evidence pack
  • PDF reports weekly/monthly (email delivery)
  • NIS2 / ISO 27001 workflow report (PDF)
  • SLA tracking & breach alerts (CRITICAL 7d / HIGH 14d / MEDIUM 30d)
  • Jira & Linear one-click ticket creation
  • Asset watchlist with alert matching
  • EPSS-aware alerting (exploit-probability threshold)
  • SSO configuration for eligible Pro accounts
  • API access included (50k req/mo)
Choose Pro

All subscriptions are managed directly with Awarely via B2B contract. Contact us for details and a custom offer.

TermsPrivacyRefundsDPA

10Plan Details

What each tier means in practice

Clear scope, clear expectations — mapped to team size and compliance needs.

Pro 14-Day Free Trial

Pro workflow access to validate fit

Ideal for: evaluation, internal buy-in and security-workflow assessment.

  • Pro-level workflow access during the trial period
  • Email + Slack alerts, audit trail, evidence pack
  • API access (50k req/mo) + CSV export
  • All sources: NVD, CISA KEV, EUVD, GitHub

Access after the trial follows the account entitlement and applicable terms.

Starter

For small teams that need shared coverage

Ideal for: micro/SMB teams starting NIS2 readiness.

  • Shared team access
  • Critical-severity email alerts
  • CSV & XLSX export
  • Retention 90 days
  • All sources enabled (NVD, CISA KEV, EUVD, GitHub)
  • Asset watchlist (personal product tracking)
  • CVSS + EPSS context where source data is available
  • CVE status tracking (Seen, Acknowledged, Mitigated, False Positive)
  • Bulk CVE status update & notes (up to 50 CVEs at once)
  • Team notes with Markdown + activity timeline per CVE
  • CVE assignment to team members
  • Browser push notifications
  • Saved Views & analytics dashboard (5 charts)
  • Install as app (PWA)

Alerts limited to Critical via email — no Slack/Teams/webhooks, no API access

Pro

For analysts who need audit, alerts and API

Recommended

Ideal for: teams with audit/compliance reporting needs.

  • Everything in Starter
  • Email, Slack, Teams and outbound webhook alerts for eligible Pro accounts
  • Retention 12 months
  • Audit trail + evidence pack
  • PDF reports weekly/monthly (email delivery)
  • NIS2 / ISO 27001 workflow report (PDF)
  • SLA tracking & breach alerts (CRITICAL 7d / HIGH 14d / MEDIUM 30d)
  • Jira & Linear one-click ticket creation
  • Asset watchlist with alert matching
  • EPSS-aware alerting (exploit-probability threshold)
  • API access (50k req/month)

SSO configuration is available for eligible Pro accounts.

11Contact

Let’s build your vulnerability visibility

Request a demo or a tailored offer for your organization.

Request a Demo

Contact

monitor@awarely.ro

Phone

Contact Awarely for demos, commercial offers and questions about NIS2-related workflows.

FAQ

Common questions from compliance and security teams

Does this replace a full NIS2 compliance program?

No. Awarely Monitor supports vulnerability management and reporting readiness, but full compliance requires broader governance, policies, and controls.

Which sources are monitored?

We aggregate CVE data from NVD, CISA KEV, EUVD, and GitHub Security Advisories for a consolidated view.

What is EPSS and why does it matter?

EPSS (Exploit Prediction Scoring System) is a daily-updated probability score from FIRST.org that estimates the likelihood a CVE will be exploited in the next 30 days. Combined with CVSS severity, it helps teams skip the noise and patch what attackers are actually targeting.

Can we export evidence for audits?

Yes. CSV exports, scheduled PDF reports and the on-demand NIS2/ISO 27001 workflow report provide exportable documentation for internal audit preparation. The report brings together available SLA, CVE-remediation and workflow information with relevant reference context.

How does SLA tracking work?

Once a CVE is acknowledged, Awarely Monitor starts an SLA timer using the configured severity window. Default windows are CRITICAL 7 days, HIGH 14 days and MEDIUM 30 days. When configured, breach alerts support team follow-up and the workflow report shows available SLA information for the selected period.

Can I install Awarely Monitor as a mobile app?

Yes. Awarely Monitor is a Progressive Web App (PWA) — no app store needed. On iOS, open the site in Safari and tap "Add to Home Screen". On Android, open it in Chrome and tap "Add to Home Screen" (or use the Install prompt). On desktop Chrome/Edge, click the install icon in the address bar. Browser push delivery depends on browser and platform permissions.