Skip to main content

Unsupported Software - 3rd Party Applications

C

I am wondering how the community handles software in use that is not being patched because it isn’t supported, the three ways I was advised of to identify them were:


• Open a device details page and check if you see a value in latest version

• Check the software page and see if a patch is available for a product

• Reference the supported software page: https://docs.automox.com/home/software/third-party-software


Unfortunately, none of these options provide me with an efficient means to get visibility to all unsupported (potentially unpatched) software currently in use. This could leave an endpoint vulnerable.


My deployment is small and it is already a challenge, so I am assuming that there is a way to monitor this that I am not currently aware of.


Any recommendations?

    3 replies

    Schuyler-Automox

    There is also a field/attribute in the API response for GetSoftware called is_managed, meaning is managed by Automox. There is a solution that will be implemented in the next month or 2 that will allow you to filter on this field in search from the UI. Currently you would have to do an API request and filter in the result:

    Supported


            "id": 256314695,

        "server_id": 1499327,

        "package_id": 2095370,

        "software_id": 6187,

        "installed": true,

        "ignored": false,

        "deferred_until": null,

        "name": "org.mozilla.firefox",

        "display_name": "Firefox",

        "version": "67.0.4",

        "repo": "Mozilla",

        "group_ignored": false,

        "group_deferred_until": null,

        "cves": null,

        "cve_score": null,

        "severity": null,

        "package_version_id": 3833079,

        "os_name": "OS X",

        "os_version": "10.15.2",

        "create_time": "2020-01-15T18:34:10+0000",

        "requires_reboot": false,

        "patch_classification_category_id": null,

        "patch_scope": null,

        "is_uninstallable": false,

        "secondary_id": null,

        "is_managed": true,

        "impact": null,

        "organization_id": 1456,

        "agent_severity": null

    }

    Unsupported


    {

        "id": 256314809,

        "server_id": 1499327,

        "package_id": 2100235,

        "software_id": 16934,

        "installed": false,

        "ignored": false,

        "deferred_until": null,

        "name": "com.Adobe.PhotoshopCC",

        "display_name": "Adobe Photoshop CC 2019",

        "version": "20.0.7",

        "repo": "Adobe",

        "group_ignored": false,

        "group_deferred_until": null,

        "cves": null,

        "cve_score": null,

        "severity": null,

        "package_version_id": 3863634,

        "os_name": "OS X",

        "os_version": "10.15.2",

        "create_time": "2020-02-03T07:42:26+0000",

        "requires_reboot": false,

        "patch_classification_category_id": null,

        "patch_scope": null,

        "is_uninstallable": false,

        "secondary_id": null,

        "is_managed": false,

        "impact": null,

        "organization_id": 1456,

        "agent_severity": null

    }

    The link for this API request is here: https://docs.automox.com/api/endpoints/list-software-packages-for-a-device

    Nic-Automox
    1 person likes this
    • Nic-Automox
      Nic-Automox
    C
    • cjmox
    • Author
    • Rookie
    • 1 reply
    • April 22, 2020

    Thank you for the response. I am trying to execute the API request from the link you had provided and the script appears to run; but I do not know where the output is going?


    Pretty sure I am doing something wrong as I am not a programmer, any advice?

    Nic-Automox
    • Nic-Automox
    • Former Automox Employee
    • 832 replies
    • April 22, 2020

    How are you running the API calls? You’ll typically need to either put the API call in some code which then receives the return info that you can then manipulate and report on. Or you can use some software designed to test and design your API calls, such as Postman. I have a quick guide on how to set that up if you haven’t done it before:
     

     

     


    If you’ve never used an API before and want Automox to be your first (you always remember your first API) then this is the guide for you. By the end of this document you’ll have made your first API call and can see the results from your environment.
    Step 1: Download Postman
    Postman is a handy tool for testing out API calls to make sure they work before putting them in a script. They have a freemium version for individuals and small teams that you can download:


    They’ve got versions for Wi…

     

     

     

     

    Reply


    Terms & ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings