We posted a short demonstration video of how easy it is to use Vulnerability Sync. Be sure to check it out! And please share on your social media channels!
Hi! Cool feature…
What are the limitations for now?
We utilise CrowdStrike Spotlight, and I can export the vulnerabilities, but uploading them into the task page says they’re always “potential issues” and no tasks will be created.
It seems to show some tasks for Win10 vulnerabilities, but items like Chrome/Adobe/Git do not show anything.
Wow this is neat as. Can’t wait to play around with this.
This is great news, going to test it out this weekend.
Great post, ChadMC. Does this only work with these listed partners: CrowdStrike, Rapid7, and Tenable, or will others like Qualys work as well? I’ve tried to, and it successfully reads the CSV file, but no tasks are created, just an error message: “We discovered some potential issues with the imported data”.
Any feedback will be highly appreciated.
Thanks,
Jasper
This looks very interesting. Will it only apply remediations that involve installing updated software versions, or will it perform other actions, such as setting registry entries?
+1 to add a partnership with Qualys
Hey, @rmullen / @jgreen – sorry for the delay; crazy week. In a good way…mostly. So…“limitations”… This first iteration of Vuln. Sync will be for Windows/Linux only, with no 3rd-party support (already under consideration, though). Any vendor should work as long as the CSV is formatted correctly - the AX agent/sync need hostname and CVE (in that order). If hostnames are different, or there are hostnames without the Automox agent installed, you’ll see an error. If there is no CVE associated with something found in the scan, you’ll see an error. Qualys/others may report devices with CVEs by the IP address instead of hostname, so that’s something to check. If you want to PM me a screenshot, I can take a look/pass it along/etc.
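The CSV requirements described in the reply above (hostname then CVE, in that order; rows keyed by IP address, rows without a CVE, and hostnames without an agent produce errors) can be checked before uploading. This is an added example, not part of the thread and not Automox code; the function name, reason codes, header-row handling, case-insensitive hostname match, and all sample values are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
import re

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_report(csv_text, agent_hostnames, has_header=True):
    """Split a hostname,CVE report into usable rows and (line, reason) problems."""
    known = {h.lower() for h in agent_hostnames}  # assumption: names compare case-insensitively
    ok, problems = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        cells = [c.strip() for c in row]
        if (has_header and lineno == 1) or not any(cells):
            continue  # skip the header row and blank lines
        host = cells[0]
        cve = cells[1] if len(cells) > 1 else ""
        if CVE_RE.match(host) and not CVE_RE.match(cve):
            problems.append((lineno, "columns_swapped"))   # CVE exported first
        elif is_ip(host):
            problems.append((lineno, "ip_not_hostname"))   # scanner keyed the row by IP
        elif not host:
            problems.append((lineno, "missing_hostname"))
        elif not CVE_RE.match(cve):
            problems.append((lineno, "missing_cve"))       # finding with no CVE id
        elif host.lower() not in known:
            problems.append((lineno, "no_agent"))          # host not in the agent inventory
        else:
            ok.append((host, cve.upper()))
    return ok, problems

# Constructed sample export and agent inventory (placeholder hosts and CVE ids).
SAMPLE = """hostname,cve
ws-001,CVE-2099-0001
192.0.2.10,CVE-2099-0001
ws-002,
CVE-2099-0002,ws-001
ws-404,CVE-2099-0002
"""
AGENTS = ["WS-001", "ws-002"]

if __name__ == "__main__":
    good, bad = check_report(SAMPLE, AGENTS)
    print("usable rows:", good)
    for line, reason in bad:
        print(f"line {line}: {reason}")
```

The `no_agent` rows are also the list of devices the scanner sees that have no agent installed.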
Not to come off the wrong way here - what is the benefit of this for us as a customer if Automox is supposed to be scanning/syncing and remediating vulnerabilities on our devices already based off patching policies we have in place?
Hey, @cfrieberg – that doesn’t come off wrong/fair question. I’m roping in @Aleks for his take…
Thanks Chad.
Cfrieberg, you are right that if you are using a “Patch All” policy across your entire infrastructure this is not needed. However, we have found that for larger organizations there is frequently a need to be more surgical when applying patches.
We have found that in some cases user-defined policies can lead to some vulnerabilities falling through the cracks. Additionally, there can be gaps in Automox Agent deployments depending on the deployment mechanisms being used. Uploading vulnerability reports from 3rd-party systems can help spot these agent gaps so they can be fixed.
The story of Vulnerability Sync is really a story of perspective. From an IT Ops perspective, things might be rockin’, but from a Sec Ops perspective, there may be gaps to fill. With Vulnerability Sync, we have addressed the need for cross-team workflow when user-defined policies are insufficient for meeting security objectives.
I hope that helps.
This would be much more helpful with an API versus manual Export/Import.
Where would one go to find a report to upload into Automox?