Vulnerability Management: Asset Discovery vs Vulnerability Detection Templates

[matejsmycka]

Hi, I have the following questions:

We are using Nuclei for vulnerability management and would like to better differentiate between asset discovery (enumeration and service detection) and regular vulnerability detection.

Is there any standard or ongoing effort within to distinguish between these two categories?
For example, through specific tags (e.g., using a defined set like A, B for asset discovery and C, D for vulnerability detection)?

If there isn’t an existing convention, what would be some optimal approaches to achieve this differentiation? Would you be against it if I were to review all templates and add the tag asset-discovery to suitable templates?

We believe such a distinction would be beneficial not only for our internal workflows, but also for all community.

[ehsandeep]

Hey @matejsmycka, thanks for creating this discussion. We don't currently have such a distinction in templates, but it would definitely be nice and useful to add. Unique tags would be a good way to differentiate and filter between the two. Here is some tags suggestion to keep it short and usable.

For discovery: discovery
For vulnerability: vuln

Let us know if you have any other ideas.

[matejsmycka]

#13648