Modern cloud environments generate a constant stream of vulnerability information across thousands of assets, frameworks, and packages. While filters are essential to navigate this data, they can quickly become overwhelming as environments grow.

Upwind’s new Investigate tab introduces a more efficient and guided way to explore vulnerabilities. Instead of relying on long lists of filters, Investigate organizes search parameters into a logical flow that allows users to build and refine complex queries step by step. The result is faster investigation, more accurate results, and a clearer understanding of what matters most in large, dynamic environments.

From static filtering to guided investigation

Traditional filter-based search requires knowing every field in advance, including the cloud account, namespace, framework, CVE, package, severity, and more. Even experienced users often need time to construct a useful query or remember the correct combinations.

Our new Investigate tab replaces that static process with a visual, contextual workflow. Each query begins with a starting point such as “Find Kubernetes workloads” and expands through logical relationships. Instead of memorizing field names, users are guided through available dimensions with relevant options surfaced dynamically.

For example, a security engineer can now build the following query in seconds:

  • Find: Kubernetes Workload
  • Where: Internet ingress = true
  • And: Is high privileged = true
  • And: Sensitive data categories = PII, PCI, PHI
  • That has: CVEs with CVSS Severity = Critical or High
  • And: Is Exploitable = true
  • And: Is Fix Available = true
  • Framework = Golang

The result is an immediate view of every matching workload, related CVEs, and associated risk factors, all surfaced through a single workflow.

How this changes vulnerability investigations

Our new Investigate tab is designed to turn raw data into structured queries without adding complexity.

  • Guided exploration: Build multi-criteria searches visually instead of relying on manual filter selection.
  • Context-rich relationships: See how CVEs, packages, and workloads connect across runtime environments.
  • Faster triage: Narrow scope to issues that are exploitable, fixable, and present in active workloads.

This approach simplifies the investigation process, helping teams focus on the vulnerabilities that present real operational risk.

Example use cases:

  • Prioritizing exposed virtual machines: Identify internet-facing VMs with Critical or High severity CVEs that are exploitable and have a fix available.
  • Investigating vulnerable ECS workloads: Filter all active, internet-exposed ECS workloads with Python-related vulnerabilities to target live workloads for patching.
  • Analyzing serverless exposure: Locate serverless functions containing Critical or High CVEs in packages such as requests or express to identify hidden dependencies.
  • Tracing vulnerable container images: View all images using specific frameworks (for example, Express from NPM) that contain exploitable CVEs, are in active use, and have available fixes.

Each of these examples shows how Upwind’s Investigate tab simplifies what previously required manual filter construction and deep familiarity with the data model.

What’s next

This latest release is the first step in a multi-tier release, which will expand beyond vulnerability data to additional Upwind modules including Threats, Events, and CSPM, providing a consistent way to explore and correlate every security signal in one unified interface.

By aligning query flow with how teams think about risk, our Investigate tab helps security organizations move from static filtering to prioritized analysis at scale.

Conclusion

Security teams need tools that make their vulnerability data more actionable without adding layers of tooling or manual effort. The Investigate tab addresses this challenge directly by making it faster to ask complex questions and reach meaningful answers. It reflects Upwind’s broader goal: to give organizations the ability to see how their environments actually operate, prioritize based on real exposure, and act with confidence at runtime. To learn more about how Upwind helps teams streamline investigations and focus on critical risks, schedule a demo with the Upwind team today.