> For the complete documentation index, see [llms.txt](https://docs.autopilotmonitor.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.autopilotmonitor.com/portal-guide/software-inventory-and-vulnerabilities.md).

# Software Inventory & Vulnerabilities

The **Software** area is a three-tab hub with a shared 7/30/90-day time range.

## Installs

The app-install health view across all enrollments:

* Stat cards (total apps, total installs, average failure rate) and a **Delivery Optimization rollup** — peer offload percentage, bytes saved via peers and Connected Cache, and a sourcing breakdown.
* A sortable **apps table**: app (with type badge — Win32, MSI, WinGet, …), installs, succeeded/failed, failure rate (red at ≥ 20 %), average duration, and a **trend** arrow (improving/worsening in percentage points).

### Per-app deep dive

Clicking an app opens its detail page — the place to answer *"is this app hurting our enrollments, and where?"*:

* Summary cards including **Trend** and **Flakiness** (share of installs that needed retries), plus a *"detection lies"* warning when installs reported success but the detection rule couldn't find the app afterwards.
* Charts: installs over time (stacked success/failure), install duration over time, **failure rate by app version**, and installer phase breakdown.
* **Top Failure Codes** with human-readable descriptions from a built-in error-code map, and **Device Model Correlation** with a *lift vs. baseline* multiplier that flags models failing disproportionately for this app.
* An **Affected Sessions** panel (filter Failed/All/Succeeded, configurable columns) linking straight to each session.

## Inventory

The normalized software inventory collected by the **Software Inventory & Vulnerability Analyzer** ([opt-in setting](/reference/settings.md#agent-analyzers)): every discovered title with version, publisher, session count, last-seen date, and whether it is CPE-mapped (the prerequisite for vulnerability matching).

## Vulnerabilities

The exposure panel correlates the inventory against **NVD CVEs**, the **CISA KEV** catalog, and **MSRC**:

* KPI tiles — affected devices, distinct CVEs, and known-exploited (KEV) count — plus a severity breakdown (Critical/High/Medium/Low).
* **Top CVEs by affected devices**, each linked to its NVD entry with CVSS score, a KEV badge for actively exploited vulnerabilities, and sample affected software.

Critical findings also surface directly on the affected sessions via the built-in rule [ANALYZE-ID-003](/rules/analyze-rules/built-in-rules.md#identity-and-security).

{% hint style="warning" %}
An empty vulnerability list means **no detected CVEs** — not a verified-safe fleet. Scanning must be enabled per tenant, and results are a lower bound if a scan hit its collection cap.
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.autopilotmonitor.com/portal-guide/software-inventory-and-vulnerabilities.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
