Just Released: Vulnerability Sync

Hi, everybody - Chad here. We’re all extremely stoked to announce the release of Vulnerability Sync! This feature will help to dramatically reduce the time required to remediate vulnerabilities from days/hours (across multiple teams) to minutes, with a single click from one operator. Vulnerability Sync provides actionable insights based on data from partners including CrowdStrike, Rapid7, and Tenable that help IT teams quickly identify, analyze, prioritize, and remediate vulnerabilities.

In short, you’ll download a vulnerability report from a 3rd-party scanner, then upload that into the AX console. You’ll need to make sure the report lists hostnames and CVE IDs, as these are crucial to the sync. Then, simply upload the CSV file:

Once that’s done and processed, you’ll be able to create and execute a number of tasks:

Vulnerability Sync is currently available to all new and existing AX customers! You can read more about it here, and our Support Team has some great documentation right here. But, as always, please don’t be shy with questions - let’s go ahead and rope @Scott_Schoenberger in for the tough ones! :raised_hands:

2 Likes

We posted a short demonstration video of how easy it is to use Vulnerability Sync. Be sure to check it out! And please share on your social media channels!

3 Likes

Awesome, thanks @Eric!

Hi! Cool feature…

What are the limitations for now?
We utilise CrowdStrike Spotlight, and I can export the vulnerabilities, but uploading them into the task page says they’re always “potential issues” and no tasks will be created.

It seems to show some tasks for Win10 vulnerabilities, but items like Chrome/Adobe/Git do not show anything.

Wow this is neat as. Can’t wait to play around with this.

1 Like

This is great news, going to test it out this weekend.

1 Like

Great post, ChadMC. Does this only work with these listed partners (CrowdStrike, Rapid7, and Tenable), or will others like Qualys work as well? I’ve tried it, and it successfully reads the CSV file, but no tasks are created, just an error message: “We discovered some potential issues with the imported data”.
Any feedback will be highly appreciated.
Thanks,
Jasper

1 Like

This looks very interesting. Will it only apply remediations that involve installing updated software versions, or will it perform other actions, such as setting registry entries?

+1 to add a partnership with Qualys

1 Like

Hey, @rmullen / @jgreen – sorry for the delay; crazy week. In a good way…mostly. So…“limitations”… This first iteration of Vuln. Sync will be for Windows/Linux only, with no 3rd-party support (already under consideration, though). Any vendor should work as long as the CSV is formatted correctly - the AX agent/sync need hostname and CVE (in that order). If hostnames are different, or there are hostnames without the Automox agent installed, you’ll see an error. If there is no CVE associated with something found in the scan, you’ll see an error. Qualys/others may report devices with CVEs by the IP address instead of hostname, so that’s something to check. If you want to PM me a screenshot, I can take a look/pass it along/etc.
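A pre-upload check for the conditions described in the reply above, as an added example that is not Automox code and not part of the original thread. It assumes a CSV with one header row, hostname in the first column and CVE ID in the second, and a hypothetical `agent_hostnames` set that you export yourself from your device inventory; case-insensitive hostname matching is also an assumption.

```python
import csv
import io
import ipaddress
import re

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)

def is_ip(value):
    """True when the cell holds an IPv4/IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_report(csv_text, agent_hostnames):
    """Return (line_number, problem) tuples for rows likely to be flagged on import."""
    known = {h.lower() for h in agent_hostnames}  # assumption: case-insensitive match
    problems = []
    reader = csv.reader(io.StringIO(csv_text))
    next(reader, None)  # assumption: the first row is a header
    for line_no, row in enumerate(reader, start=2):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue  # skip blank lines
        host = cells[0]
        cve = cells[1] if len(cells) > 1 else ""
        if CVE_RE.match(host) and not CVE_RE.match(cve):
            problems.append((line_no, "columns swapped: CVE before hostname"))
            continue
        if is_ip(host):
            problems.append((line_no, "IP address in hostname column"))
        elif host.lower() not in known:
            problems.append((line_no, "hostname has no known agent"))
        if not cve:
            problems.append((line_no, "no CVE for this finding"))
        elif not CVE_RE.match(cve):
            problems.append((line_no, "malformed CVE ID"))
    return problems

# Constructed sample report; hostnames, IP and CVE IDs are placeholders.
SAMPLE = """hostname,cve
WEB01,CVE-0000-0001
10.0.4.17,CVE-0000-0001
db02,
CVE-0000-0002,web01
LAPTOP-99,CVE-0000-0002
"""
AGENTS = {"web01", "db02"}  # hypothetical list of hosts with the agent installed

if __name__ == "__main__":
    for line_no, problem in check_report(SAMPLE, AGENTS):
        print(f"line {line_no}: {problem}")
```
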

Not to come off the wrong way here - what is the benefit of this for us as a customer if Automox is supposed to be scanning/syncing and remediating vulnerabilities on our devices already based off patching policies we have in place?

Hey, @cfrieberg – that doesn’t come off wrong/fair question. I’m roping in @Aleks for his take…

1 Like

Thanks Chad.

Cfrieberg, you are right that if you are using a “Patch All” policy across your entire infrastructure this is not needed. However, we have found that for larger organizations there is frequently a need to be more surgical when applying patches.

We have found that in some cases user-defined policies can lead to some vulnerabilities falling through the cracks. Additionally, there can be gaps in Automox Agent deployments depending on the deployment mechanisms being used. Uploading vulnerability reports from 3rd-party systems can help spot these agent gaps so they can be fixed.

The story of Vulnerability Sync is really a story of perspective. From an IT Ops perspective, things might be rockin’, but from a Sec Ops perspective, there may be gaps to fill. With Vulnerability Sync, we have addressed the need for cross-team workflow when user-defined policies are insufficient for meeting security objectives.

I hope that helps.

3 Likes

Thanks Aleks!

2 Likes