cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
IainCaldwell
Lansweeper Employee
Lansweeper Employee

Lansweeper is delighted to announce new capabilities in the security vulnerabilities space. Building on the foundations of our world-class scanning technology Lansweeper has enhanced our software scanning to normalize and enrich with NIST standard naming and identification. This enables Lansweeper to offer value add capabilities matching clients' software against NIST vulnerabilities databases.

This is a preview feature and will be iterated frequently over the next few months before the official release. Please use this space to give suggestions +ve or -ve to help us improve the product.

78 REPLIES 78
sj1
Engaged Sweeper

Is there any plans on enriching the vulnerability information on whether or not it has been actively seen used in the wild? Perhaps using something like the Known Exploited Vulnerabilities Catalog published by CISA.

Known Exploited Vulnerabilities Catalog | CISA

Jeepinat0r
Engaged Sweeper

Following...  This is a critical piece of info that helps us prioritize remediation efforts.

Hi @sj1 ,

Indeed we are already working to enrich our vulnerability information, and one of the feeds we will use will be the CISA catalog, as you suggested.

I don't have an exact timeframe for it, but it will be in the coming months.

 

 

whoami
Engaged Sweeper II

I was wondering if it would be worth having different options for organizing CVE's in Security Insights. Currently they are either Active or Ignored. It would perhaps be cool to be able to apply a custom label for each CVE or predefined one's such as "Under Review", "False Positive", etc. Instead of just "Ignored". 

I saw there are more filters and views for Security Insights which is really cool, but I am still unable to sort by the Assets column. I would like to sort this by count to see which CVE's affect the most assets. 

edu_ayus
Product Team
Product Team

Hi all!

We are doing today a big release for Security Insights. Customize Views, Advanced filtering, and Export capabilities are now available!

This will cover several of your requests and will provide a complete set of analytic capabilities on this menu.

Please, take a look at this article in the KB, where you can learn how it works: Customize the list of vulnerabilities

We appreciate all your feedback on these new functionalities.

Enjoy it!

Tried to export from the security listing and that worked. When I open a specific item and then try to export it fails. No error just no export. 

Do like the progress. The additional columns are usefull. Still do not understand where some of the reported vulnerabilities come from. Might be usefull to show a column patch available yes or no. 

For me to use this I would need additional information that helps me to know:

Severity ✔️

Asset ✔️

Software package and version where this is found 

jb_HSI
Engaged Sweeper

Since it can't detect the update supersedence chain, this feature only serves to confuse and mislead my managers on a dashboard.  Hopefully this works out.  Not getting a lot of use from the cloud offering thus far.  

Hi @jb_HSI ,

Thanks for your feedback. Please be patient, considering the feature is still in preview. What you are claiming is something we are currently working to solve, and it will be available in the coming months.

In the meantime, I encourage you to try the new analytic capabilities released today for vulnerabilities. Customizing the views, filtering the vulnerabilities, or exporting the info is already available!

James12
Engaged Sweeper II

What would also be nice is that I don't find today that I have 300 vulnerabilities then tomorrow it becomes 1000+ and then drops again by 1000+ the following day.

There is Something SERIUOUSLY  wrong with scanning of assets,  I have watched a perfectly  good assets come in clean for days and then all of a sudden after being scanned for several weeks, appear to have over 300 vulnerabilities for problems that are resolved by cumulative updates,  suggestion is that I install a patch from 6 months ago, Yet January updates are are clearly on the device, I have a server also missing updates supposedly for over 3 years? Run a report using our Lansweeper server, clean as a whistle, the same data we push to the cloud.

You can filter out stuff all day long but if the data isn't even valid  what is the point of claiming to to be able to scan vulnerabilities, preview or not this is making you look very bad  this becoming more alpha grade code  than preview. and to think your sales guys convinced me to  upgrade our license becuase this product was just about to leave preview and 3 months later all I'm hearing is this is still very firmly in preview mode

Hi @James12 ,

The decision to early release the functionality as preview was made with the aim of detecting (with your help) issues, limitations, or lack of functionality as soon as possible, making it possible to take the vulnerabilities module to the quality level it delivers value to the users.

As soon as we were aware of the limitation of NIST CVEs to detect the installation of KBs through cumulative patches, we started working on a solution that will enrich our vulnerabilities using Microsoft data allowing us to detect installed KBs even if they are individual or part of a cumulative patch.

Sorry for any inconvenience, we continue working hard to fulfill your expectations and recover your trust in this functionality soon.