Vulnerability Sync Updates

  • 21 January 2022
  • 3 replies
  • 379 views

Userlevel 3
Badge

Hey everyone! :wave:

If you haven’t already seen it, we’ve made updates to the vulnerability sync experience in the console :grin:

 

Now there are more options for what CVE report type can be uploaded to the Automox console. We’ve added Qualys to our list of supported reports! Of course, you can continue to use CrowdStrike, Rapid7, and Tenable reports, or select “Generic Report” in other scenarios.

3d94oLAGc2Q2kxS_4Mg2B1DpnkVetwp7CFWEikhnePFQQfjbRQEojZHjuG-NvDOOCBjcpDCSEv_OAjNtdClHVeQuJkUN8K3QGXnsrYc80Evskc5FZIIfWRnoH4poIAjRY_adtOP6

Additionally, our Tenable support has been updated so you no longer need to manually modify it to be compatible with Automox - the report format is now supported out-of-the-box. We hope this expedites your workflow even more, so that you can fix vulnerabilities quickly!

 

We now also use case insensitive lookups, which should make searching by hostname or FQDN much smoother than before.

 

Which CVE report type does your organization use? Drop a comment below!

 

‘Til Next Time,

Jessica Starkey | Technical Marketing Engineer


3 replies

Hi there,

We are using the Crowdstrike input, however we come across a number of potential issues with the label “CVE Not Applicable”. What does this mean as I cannot find any other information on the community. 

Thanks!

Userlevel 6
Badge

Hi there,

We are using the Crowdstrike input, however we come across a number of potential issues with the label “CVE Not Applicable”. What does this mean as I cannot find any other information on the community. 

Thanks!

Hey @ChrisG -

Thanks for checking in! I asked my Vulnerability Sync team and they said that the issue could be caused by CVEs that are superseded by other CVEs (addressed in another CVE/update-set) or by CVEs that require changes in configuration (not exclusive to a simple application of a patch alone and/or automation is not yet supported due to the nuance of the change).

Hope that helps answer your question.

We use Qualys.  Thanks for the update!

Reply