Skip to main content

Documentation

Everything you need to get vendor security monitoring up and running.

Getting started

From zero to your first security alert in under 5 minutes.

1. Add your vendors

Search by vendor name and Gjall auto-discovers their status page, CVE feed, and GitHub advisories. You can import dozens at once using bulk add.

2. We start monitoring immediately

Gjall scans NVD CVEs, CISA KEV, vendor status pages, and breach feeds. Historical alerts from the last 30 days backfill automatically.

3. Set up Slack notifications

Paste your Slack webhook URL in Settings → Notifications. You'll get a message whenever a high or critical alert is detected.

4. Review AI triage

Claude analyzes each alert against your vendor criticality level and answers: does this actually affect me? This cuts noise by ~70%.

5. Generate your first report

Head to Reports and click 'Generate'. You get a SOC 2 CC9.2-mapped PDF with all alerts, risk scores, and remediation evidence.

Adding vendors

Gjall maintains a registry of 500+ common SaaS vendors with pre-configured monitoring rules. Type a vendor name in the search bar to find it — the registry includes canonical names, aliases, CVE keywords, and status page URLs.

If a vendor isn’t in the registry, use the Request vendor link that appears in search results. Community-requested vendors are typically added within 48 hours.

Vendor criticality

Gjall uses AI to suggest a criticality level (critical / high / medium / low) based on what the vendor does and how it integrates with typical business workflows. You can override this at any time. Criticality affects alert prioritization and AI triage decisions.

Understanding alerts

Each alert has a severity level (critical / high / medium / low) and a source type.

NVD CVE

National Vulnerability Database — every published CVE

CISA KEV

Known Exploited Vulnerabilities — actively exploited CVEs

GitHub Advisory

GitHub Security Advisories for open-source dependencies

Status Incident

Vendor status page incidents — outages and degradations

Breach

Confirmed breach reports from public sources

AI triageruns automatically on every alert above medium severity. It considers the CVE description, your vendor’s criticality level, the EPSS exploitation probability score, and any existing mitigations to produce a plain-English summary and recommended actions.

You can acknowledge or silence alerts. Silenced alerts are hidden from the default view but remain in the audit trail.

Configuring notifications

All notification settings live in Settings.

Slack

Paste your Slack Incoming Webhook URL. Gjall sends one message per alert with severity, vendor, and a direct link to the alert detail.

Email

Add an alert email address. You'll receive a digest of new alerts detected in each scan cycle.

Webhook

Point a custom webhook URL at any endpoint. Gjall POSTs a JSON payload with the full alert record including CVE data and AI triage.

Audit reports

Gjall generates audit evidence packages mapped to SOC 2 CC9.2 (vendor risk management control). Auditors recognize the format — it includes all the fields they typically ask for.

To generate a report, go to Reports, choose a date range, and click Generate report. The report includes:

  • All vendors and their current criticality level
  • Alert history for the period with AI triage summaries
  • Risk scores and score history
  • SOC 2 control mapping with evidence narratives
  • Remediation status (acknowledged / silenced / open)

FAQ

How often does Gjall scan my vendors?

Gjall runs a full scan approximately every 15 minutes. The dashboard shows the time of the last scan in the stats cards.

What happens when my trial ends?

Your account switches to read-only mode. All your data — vendors, alerts, and reports — is preserved. You can upgrade at any time to resume monitoring.

Can I add vendors that aren't in the registry?

Yes. Use the 'Request vendor' link in the vendor search results. We typically add community-requested vendors within 48 hours.

Does Gjall store my vendor data?

Gjall stores the list of vendors you've added and the alert records it discovers. It does not store your internal tools, code, or business data.

How does AI triage work?

When a new alert is detected, Gjall sends the CVE description, your vendor's criticality level, and your company context to Claude. Claude returns a priority rating (critical / high / medium / low) and a plain-English explanation of the risk. AI triage is independent of the alert severity from NVD.

Can multiple team members use the same account?

Yes. Go to Settings → Team to invite members. Each member gets their own login and the same access to all vendors and alerts.

Ready to get started?

14-day Pro trial. No credit card required.

Start free trial