Awarely Monitor
CVE Monitoring for Security and NIS2-Related Workflows
Scheduled visibility into vulnerabilities from NVD, CISA KEV, EUVD, and GitHub — so you can prioritize fixes, strengthen reporting readiness, and reduce exposure.
Multi-source
NVD + CISA KEV + EUVD + GitHub
EPSS + CVSS
Score by exploit probability
Export + API
Evidence for audits & reporting
NIS2 raises the baseline for cyber resilience
- Expands the scope to more sectors and essential services.
- Requires risk management measures and incident reporting capabilities.
- Romania transposed NIS2 through OUG 155/2024, approved by Law 124/2025 (Romanian law).
Awarely Monitor supports NIS2 readiness by improving vulnerability awareness. Compliance depends on your organization’s controls and processes.
NIS2 & Romania
Directive (EU) 2022/2555
• Strengthens security measures across the EU.
• Expands scope to essential and important entities.
• Focus on reporting, risk management, and governance.
Articles that directly support vulnerability monitoring systems
These legal references emphasize vulnerability handling, incident management, and fast reporting — the exact workflows supported by Awarely Monitor.
Romania transposed NIS2 via OUG 155/2024, approved by Law 124/2025.
NIS2 Article 21
Cybersecurity risk-management measures include vulnerability handling and disclosure plus incident handling.
NIS2 Article 23
Significant incidents require early warning within 24 hours and detailed notification within 72 hours.
OUG 155/2024 Art. 13 (RO)
Romanian law requires risk-management measures that include vulnerability handling and incident management.
OUG 155/2024 Art. 15 (RO)
Romanian law requires reporting significant incidents with 24h early warning and 72h notification, plus final reporting.
ENISA Guidance
ENISA
• Awareness and training programs for staff.
• Tools to run consistent, measurable campaigns.
• Guides for communication and security culture.
Awareness is a control, not just a checklist item
- ENISA provides guidance and tools for cybersecurity awareness programs.
- We translate CVE noise into clear, actionable insights for leadership and operations.
- Regular briefings and tailored alerts reinforce a security-first culture.
Everything you need to track critical CVEs
Monitor, filter, and communicate what matters faster.
Scheduled CVE feed
Scheduled updates across public sources in one dashboard.
CISA KEV signals
Know which vulnerabilities are actively exploited in the wild.
Asset watchlist & filters
Build a personal watchlist for your tech stack — one click filters CVEs to only your watched products.
CVSS + EPSS scoring
Combine severity (CVSS) with exploitation probability (EPSS) to focus on what's actually being attacked.
Alerts & exports
Email, Slack, Teams & outbound webhook alerts. CSV and XLSX export for audit evidence and spreadsheet analysis.
Secure access
Role-based access, MFA, SSO, and API capabilities for enterprise workflows.
CVE status tracking
Mark CVEs as Acknowledged, Mitigated, or False Positive — keep your whole team aligned on remediation state.
SLA tracking & breach alerts
Automatic SLA timers per severity (CRITICAL 7d / HIGH 14d / MEDIUM 30d). Get alerted before and when you breach — with re-alerts every 7 days until resolved.
Team notes & collaboration
Annotate any CVE with internal notes — document why it was mitigated, add context, build a shared knowledge base.
Jira & Linear integration
One-click ticket creation directly from a CVE — pre-filled with severity, CVSS, EPSS, and affected products.
PDF reports — custom schedule
Schedule PDF reports for weekly or monthly delivery at your selected day, hour and timezone. Bring CVE, SLA and workflow context into leadership briefings and internal review.
NIS2 / ISO 27001 workflow report
On-demand audit PDF covering SLA performance, CVE remediation evidence, supply chain risk, and NIS2 Art. 21/23 + ISO 27001 A.12.6.1 references. One click in Settings → Reports.
Saved Views
Save any filter configuration plus active sort order as a named view — one click restores your exact working set for daily triage without reconfiguring anything.
Analytics dashboard
5 built-in charts: CVE trend (day/week/month), severity distribution, remediation progress, source breakdown, and top affected vendors.
Outbound webhook alerts
Push CVE alerts to any HTTPS endpoint with HMAC-SHA256 signature verification — integrate with PagerDuty, custom pipelines, or any internal system.
Bulk CVE status update & notes
Select multiple CVEs with checkboxes and update all their statuses or add the same note to all of them in one action — up to 50 CVEs per operation, a single audit event logged for full traceability.
CVE assignment & accountability
Assign any CVE to a specific team member from the detail panel or bulk-assign multiple CVEs at once. Assignee is visible in the list and included in CSV/XLSX exports — audit reports always show who owns what.
Interactive column sort
Click any column header — Severity, CVSS, EPSS, or Date — to sort the CVE list instantly. Click again to reverse. Always see the highest-risk items first.
Activity timeline & team feed
Each CVE shows a unified timeline of status changes and notes interleaved by time. Pro users also get a global recent-activity card on the Dashboard showing the last 10 team actions across all CVEs.
Assignee email notifications
Get notified automatically when a CVE is assigned to you, when a teammate changes its status, or when someone adds a note with remediation context — so you never miss an action on your CVEs.
Browser push notifications
CVE alerts delivered directly to your browser on desktop and mobile. Available when browser and platform permissions support it, with per-user controls in Settings.
Markdown notes
Write CVE notes with Markdown: bold, inline code, fenced code blocks, and bullet lists. A Write / Preview toggle lets you verify formatting before saving — perfect for documenting patch commands and workarounds.
Install as app (PWA)
Add Awarely Monitor to your home screen on iOS, Android, or desktop Chrome — no app store required. The app shell and static assets are cached for instant loads and basic offline access; CVE and dashboard data always load fresh from the network, so a connection is needed to see live data. Integrates with your OS notification system.
Public CVE pages — no login required
Published CVE records have shareable public URLs (monitor.awarely.ro/cve/CVE-YYYY-NNNNN) accessible without an account. Share directly with auditors, clients, or colleagues who don't have access — they see CVSS, EPSS, description, affected products, and the CISA KEV badge.
Audit trail with S3 Object Lock retention support
Audit events are stored in DynamoDB for fast UI queries, and the platform automatically attempts a secondary S3 copy with Object Lock in GOVERNANCE mode and 365-day retention. GOVERNANCE mode helps prevent accidental or unauthorised deletion or modification during the retention period, adding a retained secondary record for ISO 27001 A.8.15 and NIS2 Art. 21 documentation.
Mapping Awarely Monitor to NIS2 expectations
The platform supports core elements of NIS2 readiness.
Vulnerability management
Scheduled CVE visibility supports patch planning and prioritization.
Incident handling acceleration
Faster triage helps meet reporting timelines and escalation needs.
Supply chain awareness
Monitor vendor-specific exposure across your technology stack.
Exportable evidence
On-demand NIS2/ISO 27001 workflow PDF, SLA tracking, audit trail, and exports provide documentation of due diligence.
NIS2-related workflow coverage at a glance
Awarely Monitor supports exportable documentation for:
| Article | Requirement | Tier |
|---|---|---|
| Art. 21 §2(b) | Vulnerability handling and disclosure | All plans |
| Art. 21 §2(c) | Supply chain cyber risk management | All plans |
| Art. 21 §2(f) | Risk-management effectiveness evidence | Pro |
| Art. 23 §1 | Early warning acceleration (24h) | Pro |
| Art. 23 §3 | Detailed notification documentation (72h) | Pro |
| OUG 155/2024 Art. 13 | Romanian vulnerability handling requirements | All plans |
| OUG 155/2024 Art. 15 | Romanian incident reporting requirements | Pro |
Awarely Monitor supports documentation of these requirements. Full NIS2 compliance requires broader organizational controls.
Monitor. Prioritize. Act.
Monitor
Aggregate CVE data from trusted public sources on a scheduled six-hour cycle.
Prioritize
Use CVSS severity, EPSS exploit probability, and your asset watchlist to focus on what's actually being targeted.
Act
Notify teams, export reports, and track remediation workflows.
Clear value for security and compliance teams
Clear results you can communicate to stakeholders.
Reduced time-to-triage
Surface critical vulnerabilities without drowning in noise.
Aligned reporting
Create consistent evidence for internal and external stakeholders.
Executive visibility
Concise updates for leadership, risk, and compliance owners.
Two clear plans for teams that need monitored vulnerability intelligence
Built for teams that want focused CVE monitoring and a clear follow-up workflow.
Pro 14-Day Free Trial
€0
14 days
A 14-day Pro trial path for new accounts.
- Pro-level workflow access during the trial period
- Email, Slack & Teams alerts, audit trail, evidence pack
- API access + CSV export
Starter
€59
/month
For small teams.
- Shared team access
- Critical-severity email alerts
- CSV & XLSX export
- Retention 90 days
- Asset watchlist (personal product tracking)
- CVSS + EPSS context where source data is available
- CVE status tracking (Seen, Acknowledged, Mitigated, False Positive)
- Bulk CVE status update & notes (up to 50 CVEs at once)
- Team notes with Markdown + activity timeline per CVE
- CVE assignment to team members
- Browser push notifications
- Saved Views & analytics dashboard
- Install as app (PWA) — iOS, Android & desktop
- No API access
Pro
€199
/month
For security teams.
- Everything in Starter
- Email, Slack, Teams and outbound webhook alerts for eligible Pro accounts
- Retention 12 months
- Audit trail + monthly evidence pack
- PDF reports weekly/monthly (email delivery)
- NIS2 / ISO 27001 workflow report (PDF)
- SLA tracking & breach alerts (CRITICAL 7d / HIGH 14d / MEDIUM 30d)
- Jira & Linear one-click ticket creation
- Asset watchlist with alert matching
- EPSS-aware alerting (exploit-probability threshold)
- SSO configuration for eligible Pro accounts
- API access included (50k req/mo)
All subscriptions are managed directly with Awarely via B2B contract. Contact us for details and a custom offer.
What each tier means in practice
Clear scope, clear expectations — mapped to team size and compliance needs.
Pro 14-Day Free Trial
Pro workflow access to validate fit
Ideal for: evaluation, internal buy-in and security-workflow assessment.
- Pro-level workflow access during the trial period
- Email + Slack alerts, audit trail, evidence pack
- API access (50k req/mo) + CSV export
- All sources: NVD, CISA KEV, EUVD, GitHub
Access after the trial follows the account entitlement and applicable terms.
Starter
For small teams that need shared coverage
Ideal for: micro/SMB teams starting NIS2 readiness.
- Shared team access
- Critical-severity email alerts
- CSV & XLSX export
- Retention 90 days
- All sources enabled (NVD, CISA KEV, EUVD, GitHub)
- Asset watchlist (personal product tracking)
- CVSS + EPSS context where source data is available
- CVE status tracking (Seen, Acknowledged, Mitigated, False Positive)
- Bulk CVE status update & notes (up to 50 CVEs at once)
- Team notes with Markdown + activity timeline per CVE
- CVE assignment to team members
- Browser push notifications
- Saved Views & analytics dashboard (5 charts)
- Install as app (PWA)
Alerts limited to Critical via email — no Slack/Teams/webhooks, no API access
Pro
For analysts who need audit, alerts and API
Ideal for: teams with audit/compliance reporting needs.
- Everything in Starter
- Email, Slack, Teams and outbound webhook alerts for eligible Pro accounts
- Retention 12 months
- Audit trail + evidence pack
- PDF reports weekly/monthly (email delivery)
- NIS2 / ISO 27001 workflow report (PDF)
- SLA tracking & breach alerts (CRITICAL 7d / HIGH 14d / MEDIUM 30d)
- Jira & Linear one-click ticket creation
- Asset watchlist with alert matching
- EPSS-aware alerting (exploit-probability threshold)
- API access (50k req/month)
SSO configuration is available for eligible Pro accounts.
Let’s build your vulnerability visibility
Request a demo or a tailored offer for your organization.
Request a DemoContact
monitor@awarely.ro
Phone
Contact Awarely for demos, commercial offers and questions about NIS2-related workflows.
FAQ
Common questions from compliance and security teams
Does this replace a full NIS2 compliance program?
No. Awarely Monitor supports vulnerability management and reporting readiness, but full compliance requires broader governance, policies, and controls.
Which sources are monitored?
We aggregate CVE data from NVD, CISA KEV, EUVD, and GitHub Security Advisories for a consolidated view.
What is EPSS and why does it matter?
EPSS (Exploit Prediction Scoring System) is a daily-updated probability score from FIRST.org that estimates the likelihood a CVE will be exploited in the next 30 days. Combined with CVSS severity, it helps teams skip the noise and patch what attackers are actually targeting.
Can we export evidence for audits?
Yes. CSV exports, scheduled PDF reports and the on-demand NIS2/ISO 27001 workflow report provide exportable documentation for internal audit preparation. The report brings together available SLA, CVE-remediation and workflow information with relevant reference context.
How does SLA tracking work?
Once a CVE is acknowledged, Awarely Monitor starts an SLA timer using the configured severity window. Default windows are CRITICAL 7 days, HIGH 14 days and MEDIUM 30 days. When configured, breach alerts support team follow-up and the workflow report shows available SLA information for the selected period.
Can I install Awarely Monitor as a mobile app?
Yes. Awarely Monitor is a Progressive Web App (PWA) — no app store needed. On iOS, open the site in Safari and tap "Add to Home Screen". On Android, open it in Chrome and tap "Add to Home Screen" (or use the Install prompt). On desktop Chrome/Edge, click the install icon in the address bar. Browser push delivery depends on browser and platform permissions.
