Enterprise-Grade Automation, Communication, and Risk: Nucleus Q2 Updates

This release raises the bar for enterprise-grade vulnerability and exposure management. We’re delivering on the promise of smarter, faster risk reduction powered by automation, enriched data, and operational depth. From fix-level SLA tracking to scalable API workflows and stakeholder-ready reporting, every enhancement is designed to help teams do more with less, and prove it. 

Here’s a breakdown of some of the major product updates from Q2 2025. 

Custom Dashboards: Visibility That Adapts to You 

Security leaders need to track key performance metrics including: SLA adherence, team performance, ticketing gaps, and risk trends. With the GA release of Custom Dashboards, you can build and share tailored views across teams and roles. It’s powerful, integrated intelligence designed to improve communication, collaboration, and security outcomes. 

• Dashboards for every level. Build executive dashboards with visibility into vulnerability discovery and remediation trends, SLA adherence, MTTR, and more — automatically filtered by business unit, team, or user with built-in access control. 
• Cross-team performance at a glance. Compare teams by MTTR, open risk exposure, SLA compliance, risk scores and more — enabling security leaders to drive measurable outcomes. 
• Ticketing intelligence. Visualize the lifecycle of remediation with charts showing tickets by stage and over time. Surface vulnerabilities without assigned tickets. 
• Admin control and sharing flexibility. Admins can now set default dashboards per role, while users can create and share private or team-wide views. 
• Built for speed and scale. Dashboards remain responsive, up-to-date, and accurate, even across massive datasets.

Identify vulnerability trends by severity, SLA compliance, and more.

Tailor your Nucleus dashboards to target the details most important to you.

Fixes Page: Prioritize Fixes That Reduce the Most Risk 

Remediation requires more than one strategy. Fixing critical issues reduces immediate risk, but can leave behind long-tail vulnerabilities that grow your security debt.  

The Fixes Page helps teams work smarter. It groups vulnerabilities by shared fix and ranks them by the percentage of total risk each fix reduces. The result is a clear, prioritized list of upgrades that align with IT processes and deliver meaningful risk reduction in the most efficient manner possible, maximizing risk-reduction for effort. 

• Prioritize by impact, not noise. Get a ranked list of fixes showing the percent of total risk each fix eliminates — making it easy to choose the most effective actions first. 
• Consolidate effort to burn down risk. Group vulnerabilities by shared fix (e.g., “openssl-1.0”) to streamline patch planning, reduce duplicate work, and align to real-world patch cycles. 
• Track SLA performance by fix. Monitor SLA adherence based on fix-level remediation, not just CVEs — reflecting how teams actually remediate in practice. 
• Shift from urgent to strategic. Break out of reactive triage. Identify the biggest opportunities to reduce long-tail risk and burn down security debt over time.

Identify risk and the number of asset vulnerabilities that can be remediated by a given action.

Reporting Enhancements: Communicate and Track Progress 

Reporting isn’t just about data, it’s about delivering the right insights to the right audience. This quarter’s updates help teams automate, customize, and scale how they share vulnerability management performance. These enhancements help security teams stay accountable, demonstrate progress, and communicate outcomes more effectively. 

• Track SLA performance of group fixes. Measure SLA compliance based on fix-version groupings, aligning reporting with how remediation is actually executed — not just CVE-level snapshots. 
• Provide consistent, actionable metrics for leadership. MTTR, MTTD, and other key indicators are now available across dashboards and reports, supporting clear, confident decision-making. 

API & Automation: Build Once. Scale Everywhere. 

As vulnerability and exposure management programs mature, so does the need to automate more, with control. This quarter, we introduced new capabilities to help teams trust their automation, enrich data pipelines, and orchestrate at scale — all without increasing noise or complexity. 

Here’s how customers are putting these updates to work: 

• Test automation before going live. Validate rule logic against real findings with the new Rule Accuracy Tester before deploying, avoiding ticket floods and false positives. 
• Bulk enrich assets with context. Use the new Bulk Asset Metadata API to update metadata and trigger processing at scale — ensuring ownership, tags, and business context are always accurate. 
• Automate tenant and project provisioning. MSSPs and large enterprises can now programmatically spin up projects via API to accelerate onboarding and standardize operations. 
• Faster developer onboarding. Swagger-powered Live API Docs now include inline copy, sample payloads, and syntax highlighting to streamline custom integrations. 
• Precision filters for GRC and analytics. Enhanced findings API filters make it easy to power internal dashboards, risk registers, or acceptance workflows based on granular attributes. 

Looking Ahead 

These releases mark critical progress on our mission to unify and automate exposure management. But we’re not stopping here. Expect continued improvements to dashboards, deeper remediation intelligence, and AI-infused insights in the coming months. 

Want a walkthrough of the new capabilities? Schedule a demo.