Question

How to patch the unmatched vulnerabilities in Automox

  • 5 February 2024

Hello Everyone,

I want to know how we can patch the vulnerabilities which are unmatched in Automox. I imported the Tenable result CSV into Automox, and Automox is able to find only 1 patchable vulnerability and there are almost 67 unmatched vulnerabilities, so how can we patch those?


3 replies


Hello Aakash,

‘Unmatched vulnerabilities’ means that there is no update within Automox which has been matched with a CVE. A very easy way to validate this is to take the CVE identifier and paste it into the Software page:


Think of Remediations as a checklist where you can validate whether or not it’s possible to deploy updates based on a CVE in bulk, rather than looking up CVEs one at a time on the Software page.

If there is a match, you have the option to remediate out of band. If there is no match, it means one of two things:

1. It is an update for which Automox has no affiliated CVE data (unknown severity), or
2. It isn’t something an update will fix (i.e. registry modification/software uninstall)

For the items in reason 1, Automox can still patch via the Software page if needed, just search by application name instead of CVE ID. The other option is to create a Patch Only policy with what needs patching (add all items in the same policy).

For items in reason 2, a Worklet is required to configure/mitigate the CVE based on vendor or industry recommendations. The Worklet catalog has 350+ templates ranging from registry mods to software uninstall to ensuring the firewall/BitLocker is enabled. If there isn’t a template you can work from in the Catalog, one must be built from scratch. With OttoAI it’s easy to do. Without Otto, I recommend asking either here or other forums to get some feedback or find out how other folks are tackling it with PowerShell.
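
One shape a from-scratch Worklet for the "ensure the firewall is enabled" case mentioned above could take, as an added example that is not part of the original reply or of Automox's catalog. It assumes the Worklet convention that an evaluation exit code of 0 means compliant and a non-zero exit triggers the remediation code; the `$Phase` switch and the function names are hypothetical, there only so both halves fit in one runnable file.

```powershell
# Added example: one script holding both halves of a "firewall enabled" Worklet.
# Assumption: evaluation exit 0 = compliant; non-zero = run the remediation code.
# $Phase and the function names are hypothetical, used so the file runs alone.
param([ValidateSet('Evaluation', 'Remediation')][string]$Phase = 'Evaluation')

$RequiredProfiles = 'Domain', 'Private', 'Public'

function Get-DisabledFirewallProfile {
    # ActiveStore is the effective policy (local settings merged with GPO),
    # so a profile switched off by Group Policy is reported as disabled too.
    Get-NetFirewallProfile -Name $RequiredProfiles -PolicyStore ActiveStore -ErrorAction Stop |
        Where-Object { $_.Enabled -ne 'True' } |
        Select-Object -ExpandProperty Name
}

function Enable-RequiredFirewallProfile {
    # Writes to the local persistent store; a GPO setting still wins over it.
    Set-NetFirewallProfile -Name $RequiredProfiles -Enabled True -ErrorAction Stop
}

try {
    $disabled = @(Get-DisabledFirewallProfile)

    if ($Phase -eq 'Evaluation') {
        if ($disabled.Count -eq 0) {
            Write-Output 'Compliant: all firewall profiles are enabled.'
            exit 0
        }
        Write-Output "Non-compliant: disabled profiles: $($disabled -join ', ')"
        exit 1
    }

    if ($disabled.Count -gt 0) { Enable-RequiredFirewallProfile }

    # Verify the effective state rather than trusting the Set- call.
    $stillDisabled = @(Get-DisabledFirewallProfile)
    if ($stillDisabled.Count -gt 0) {
        Write-Output "Remediation failed: $($stillDisabled -join ', ') still disabled (check Group Policy)."
        exit 2
    }
    Write-Output 'Remediated: all firewall profiles are enabled.'
    exit 0
}
catch {
    # Any cmdlet failure is surfaced as a failed run instead of a false "compliant".
    Write-Output "Error: $($_.Exception.Message)"
    exit 3
}
```

In an actual Worklet, the evaluation branch and the remediation branch would each go into their own code field together with the helper functions they call.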


Thanks for your response,

I also want to know how we can patch the new security updates or vulnerabilities which arise in the system. Automox has the list of software which is installed on our devices, so if any new vulnerabilities arise, how can we patch these vulnerabilities through the API as well?


>if there is any new vulnerabilities arise so how we can patch these vulnerabilities through api

A policy has to be actioned via the API. Without a policy, there is no remediation via the API. Policies can be built through the API. It all depends on what the mitigation is when deciding how to go about creating a Worklet policy if the mitigation is not a patch.
https://developer.automox.com/openapi/axconsole/operation/createPolicy/
