Vulnerability Scanning

  1. A vulnerability scan is a frequent, ongoing, and often automated process that identifies vulnerabilities and tracks an organization's security progress over time.
  2. Several things should be considered when conducting a vulnerability scan.
    • What and when to scan: workflow interruptions and technical constraints may pose limits.
    • Focus on high-value assets in the inventory first.
  3. Types of vulnerability scans
    • credentialed scans
    • non-credentialed scans
    • intrusive scans
    • non-intrusive scans
  4. Examining results
    • the importance of each vulnerability, to prioritize remediation
    • consider using a scoring system such as CVSS
    • accuracy
      • must identify false positives and false negatives
  5. Data management tools
    • these can be used to manage all the data generated by vulnerability scanning
  6. Threat hunting
    • While vulnerability scans are reactive, threat hunting is proactive.
    • This involves searching for undetected threats.