Use this vulnerability scan runbook to plan, execute, and document results during security assessments.
What's inside
Scope & Targets
Preparation & Authorization
Execution Plan
Findings & Risk Rating
Remediation & Verification
Evidence & Artifacts
Action Log
How to use this template
Define scope and authorization: [Scope description], [Authorized by], [Approval status].
List targets and assets: [Target hosts], [IP ranges], [Asset inventory].
Schedule the scan: [YYYY-MM-DD], window [Start time]–[End time], tool: [ToolName].
Run the scan and collect results: [Log location], [Output file path].
Review findings with stakeholders and assign remediation owners: [Owner], [Due date].
Verify remediation in a follow-up scan and update the report: [Verification window].
Archive evidence and close findings in the risk register: [Archive path].
Why it works
Who should use this template?
Security engineers, IT operations, and compliance teams use this to ensure scans are repeatable and auditable. It creates a single source of truth for assets, findings, and remediation.
What kinds of vulnerabilities does it cover?
The template supports OS and app vulnerabilities, misconfigurations, and sensitive-data exposure. Customize the vulnerability identifiers to align with your scanner’s output.
How should I handle sensitive data?
Store results in restricted repositories, redact PII where possible, and rotate credentials used during testing. Maintain a strict access policy for the final report.
Action log
Question to resolve: [Query], Owner: [Name], Due: [YYYY-MM-DD]
Decision: [Decision note], By: [Name], Date: [YYYY-MM-DD]