IainCaldwell
Lansweeper Employee

Lansweeper is delighted to announce new capabilities in the security vulnerabilities space. Building on the foundations of our world-class scanning technology, Lansweeper has enhanced our software scanning to normalize and enrich with NIST standard naming and identification. This enables Lansweeper to offer value-add capabilities, matching clients' software against NIST vulnerabilities databases.

This is a preview feature and will be iterated frequently over the next few months before the official release. Please use this space to give suggestions +ve or -ve to help us improve the product.


This is something we've been thinking about, but I doubt we will go there. It's more likely that we will try and focus on integrations that would push the list of affected CIs to an ITSM tool for change management or to a workflow tool that then integrates with your last mile automation toolsets (my experience is that most companies need to go through change control for most processes, so integrating with those key vendors is our first step).

Never say never, as with our on-prem capabilities we do have some of the bits and bobs; I just don't think it's something we'd look at shortly (if at all).

 

Cheers Iain

abowman_s1
Engaged Sweeper

I would love to be able to export to a CSV or Excel file similar to how I can with local Lansweeper or Nessus.

@abowman_s1 the export via file capability is something that we will be putting out for the std inventory list view. Our expectation is that over time that will come to all list view screens including the vulnerabilities list. Most likely we will do the list of assets impacted by a vulnerability first.

 

Cheers Iain

IainCaldwell
Lansweeper Employee

@Bernd Thanks for the feedback.  I'll take each point in turn and hopefully help 🙂

1) View the CVE - there is a new item on the cloud menu that looks like a shield with an exclamation mark in the middle (labelled Security Insights). When you go into that you should have a list of vulnerabilities that relate to your assets. The view is from a vulnerabilities perspective (rather than a list of assets that may or may not have vulnerabilities). The list view has CVE on the far left with a bit of description etc. + a total number of assets. When you click the assets, it routes to a page of all the assets potentially at risk; however, if you click on the CVE it takes you to the CVE details page giving all the details of the vulnerability provided by NIST, giving the CVE score along with criticality and a list of other references (one of which may have 'PATCH' as the resource). Where you see PATCH, it's likely if you follow the link that it's going to go to the publisher's web site and you'll see the availability of a patch - this won't be the case for all, as some don't have patches yet or maybe the vulnerability is a file level config item.

Hopefully this directs you to the details of the vulnerability. It's worth mentioning that you'll need to have at least 10.2.2 installed to start seeing this (in the future the on prem version should have less impact, but for now to get the data flowing we need that).

If this isn't helping just come back on the thread and I'll see if we can get a better answer.

2 - slice&dice.  We are in the process of trialling a new feature to allow filters, field changes and extraction of data from our list view screens.  This is currently in beta on the std inventory screen (there is a post on joining the beta program if you are interested).  When finished this will be rolled out to the other list view screens including vulnerabilities.

3 - Asset not online for a few days.  Might need you to give me a bit more info on what you need here.  I think you are saying you want to be able to see assets that have been online but still have a vulnerability that you thought you'd patched for (think I'm wording that badly....so please restate and see if I manage to understand)

Again thanks for the feedback, feel free to add to the thread.

Finally, if this is a space you are very interested in and think you could give active feedback to improve, feel free to request being added to the customer voice program on this topic

https://community.lansweeper.com/t5/security-insights/cmp-p/grouphub%3ASI

 

IainCaldwell
Lansweeper Employee

@Kahran78 first info back from engineering is telling me it's a limitation of the data feed from NIST, e.g. it would say windows_server_2016; it didn't get more granular.

Will do some more digging. 

One of the items we were planning was a way to do a bulk ignore... Maybe a short term solution might be we have a value for status of either open/closed/ignore. With that and a way to bulk update there would be a way to stop seeing items that are no longer relevant.

 

Will continue to look into it but welcome your thoughts.

 

Kahran78
Engaged Sweeper

Very interesting feature. 

However, I see that it shows a lot of Windows vulnerabilities that in our environment have been solved by installing subsequent Windows 'cumulative updates', which include fixes from previous updates.

My impression is that at this moment Lansweeper doesn't recognize the vulnerability as solved if it doesn't find on the PC the specific KB update used by Microsoft to solve the CVE the first time. It should recognize that the subsequent cumulative updates resolve the problem as well.

Am I wrong? Sorry for the bad English

Thanks for the update, we will look into this and come back. I'm on holiday this week, but I've passed it to the tech team and I'll try to provide an update next week.

 

 

Cheers Iain 

RichieRich
Lansweeper Employee

Of all the new features this has to be the one I'm most excited about - the ability for Lansweeper Customers to immediately see vulnerable endpoints without needing to find time to download or create a relevant On-Prem Lansweeper Report and run it is truly Game Changing.

Totally agree that this is a potential game changer! However, in its current setup it is useless for me.

  1. If I open an asset from a CVE, in the asset I can't see its vulnerabilities (or am I overlooking something?)
  2. It would be nice to be able to easily slice&dice the items on the main overview of "Security Insights". Depending on the device, the patching policy might differ (systems that are exposed to the internet on one end versus OT servers in protected network segments at the other end of the spectrum)
  3. Also filtering out assets that haven't been online for a few days obviously haven't had any updates pushed, the priority of finding out why the ones that were online didn't install a patch.