Just Released: Vulnerability Sync

  • 29 September 2021

Hi, everybody - Chad here. We’re all extremely stoked to announce the release of Vulnerability Sync! This feature will help to dramatically reduce the time required to remediate vulnerabilities from days/hours (across multiple teams) to minutes, with a single click from one operator. Vulnerability Sync provides actionable insights based on data from Technical Partners including CrowdStrike, Rapid7, and Tenable that help IT teams quickly identify, analyze, prioritize, and remediate vulnerabilities.

 

In short, you’ll download a vulnerability report from a 3rd-party scanner, then upload that into the AX console. You’ll need to make sure the report lists hostnames and CVE IDs, as these are crucial to the sync. Then, simply upload the CSV file:

We posted a short demonstration video of how easy it is to use Vulnerability Sync. Be sure to check it out! And please share on your social media channels!

Awesome, thanks @Eric!


Hi! Cool feature…


What are the limitations for now?

We utilise CrowdStrike Spotlight, and I can export the vulnerabilities, but uploading them into the task page says they’re always “potential issues” and no tasks will be created.


It seems to show some tasks for Win10 vulnerabilities, but items like Chrome/Adobe/Git do not show anything.


Wow this is neat as. Can’t wait to play around with this.


This is great news, going to test it out this weekend.


Great post, ChadMC. Does this only work with these listed partners (CrowdStrike, Rapid7, and Tenable), or will others like Qualys work as well? I’ve tried it and it successfully reads the CSV file, but no tasks are created, just an error message: “We discovered some potential issues with the imported data”.

Any feedback will be highly appreciated.

Thanks,

Jasper

This looks very interesting. Will it only apply remediations that involve installing updated software versions, or will it perform other actions, such as setting registry entries?


+1 to add a partnership with Qualys

Hey, @rmullen / @jgreen – sorry for the delay; crazy week. In a good way…mostly. So…“limitations”… This first iteration of Vuln. Sync will be for Windows/Linux only, with no 3rd-party support (already under consideration, though). Any vendor should work as long as the CSV is formatted correctly - the AX agent/sync need hostname and CVE (in that order). If hostnames are different, or there are hostnames without the Automox agent installed, you’ll see an error. If there is no CVE associated with something found in the scan, you’ll see an error. Qualys/others may report devices with CVEs by the IP address instead of hostname, so that’s something to check. If you want to PM me a screenshot, I can take a look/pass it along/etc.
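
A pre-upload check for the CSV rules described in the reply above: hostname first and CVE second, every row carrying a CVE, hostnames matching devices that have the agent, and scanners that export IP addresses instead of hostnames. This is an added example, not part of the original thread and not Automox code; the header row, case-insensitive hostname matching, the reason strings and the sample data are assumptions.

```python
import csv
import io
import ipaddress
import re

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)
# Constructed sample export and agent inventory (placeholder CVE IDs, not scanner output).
SAMPLE = """hostname,cve
WS-0142,CVE-2099-0001
10.20.30.41,CVE-2099-0002
SRV-DB01,
CVE-2099-0003,WS-0199
lab-spare-7,CVE-2099-0004
"""
INVENTORY = {"ws-0142", "srv-db01", "ws-0199"}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def classify(host, cve, known):
    """Return None for a usable row, else the first reason it would fail."""
    checks = [
        (bool(CVE_RE.match(host)), "columns out of order (CVE in hostname column)"),
        (not host, "missing hostname"),
        (is_ip(host), "IP address instead of hostname"),
        (not cve, "no CVE ID"),
        (bool(cve) and not CVE_RE.match(cve), "malformed CVE ID"),
        (host.lower() not in known, "no agent with this hostname"),  # assumed case-insensitive
    ]
    return next((why for hit, why in checks if hit), None)

def check_report(csv_text, agent_hostnames, has_header=True):
    """Split a hostname,CVE report into (ok_rows, problems) before uploading it."""
    known = {h.lower() for h in agent_hostnames}
    ok_rows, problems = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if (has_header and lineno == 1) or not any(c.strip() for c in row):
            continue  # skip the header row and blank lines
        host, cve = (c.strip() for c in (row + ["", ""])[:2])
        reason = classify(host, cve, known)
        if reason:
            problems.append((lineno, reason))
        else:
            ok_rows.append((host, cve.upper()))
    return ok_rows, problems
```

`check_report(SAMPLE, INVENTORY)` returns the one usable row plus a `(line number, reason)` pair for each row to fix in the scanner export before uploading.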


Not to come off the wrong way here - what is the benefit of this for us as a customer if Automox is supposed to be scanning/syncing and remediating vulnerabilities on our devices already based off patching policies we have in place?

Hey, @cfrieberg – that doesn’t come off wrong/fair question. I’m roping in @Aleks for his take…

Thanks Chad.


Cfrieberg, you are right that if you are using a “Patch All” policy across your entire infrastructure this is not needed. However, we have found that for larger organizations there is frequently a need to be more surgical when applying patches.


We have found that in some cases user-defined policies can lead to some vulnerabilities falling through the cracks. Additionally, there can be gaps in Automox Agent deployments depending on the deployment mechanisms being used. Uploading vulnerability reports from 3rd-party systems can help spot these agent gaps so they can be fixed.


The story of Vulnerability Sync is really a story of perspective. From an IT Ops perspective, things might be rockin’, but from a Sec Ops perspective, there may be gaps to fill. With Vulnerability Sync, we have addressed the need for cross-team workflow when user-defined policies are insufficient for meeting security objectives.


I hope that helps.


Thanks Aleks!


This would be much more helpful with an API versus manual Export/Import. 

Where would one go to find a report to upload into Automox?

Where would one go to find a report to upload into Automox?

nevermind!