cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
IainCaldwell
Lansweeper Employee
Lansweeper Employee

Lansweeper is delighted to announce new capabilities in the security vulnerabilities space. Building on the foundations of our world-class scanning technology Lansweeper has enhanced our software scanning to normalize and enrich with NIST standard naming and identification. This enables Lansweeper to offer value add capabilities matching clients' software against NIST vulnerabilities databases.

This is a preview feature and will be iterated frequently over the next few months before the official release. Please use this space to give suggestions +ve or -ve to help us improve the product.

78 REPLIES 78
rom
Champion Sweeper II

Yah... I check the insights every now and then in my lab to doublecheck them - I think* that these vulns reported don't work with supercedence/rollups - at least thats what I seem to find when I check this section of features.  I did just check CVE-2023-28250 which showed a remedy of April's patch, which I didn't have installed at the time of checking, so I patched with that patch...  then i patched with May's that came out recently, and it still reported as vulnerable.  I did notice that on-prem had the April patch as installed, then uninstalled/May patch installed (normal behavior to see the minus sign on old patch when plus sign new patch is there) - but the cloud doesn't show the April patch as ever being installed - it just kinda goes to May's when I synced the asset.  Soooooo - that leads me to believe that it 1) doesn't handle supercendence until someone on LS side/team updates the checks(??)  i'm not sure... but then 2) the cloud isn't accurately reporting the quickfix history...   so either one of those two scenarios could result in the report being inaccurate.

 

Capture.JPGCapture2.JPG

SSR
Engaged Sweeper

Any  near time improvement in the way vulnerabilities reports are presented  with able export Asset details along with CVSS in a user friendly manner than a mannual task of looking in to each CVSS.

Cole
Engaged Sweeper II

Is there a way to Ignore an asset from vulnerability scanning? We have some old XP, 7 machines that control equipment that can't be upgraded/patched. I don't want to remove the vulnerability from scanning other machines.

@Cole , as I mentioned below to dtracey, we are adding the vulnerabilities cause in a more comprehensive way. That, for example, will allow filtering by OS the vulnerabilities view. Another way to filter them, which you can already apply, is defining a state for those assets (e.g. EOL_asset) and creating a customize view filtering that state  (using the asset state filter).

I hope this helps you.

Hi, I must agree that Lansweeper should not show a machine as vulnerable that has been patched by a cumulative update. When will this be fixed?

Cole
Engaged Sweeper II

edu_ayus, well filtering thru a report is one thing, but I am more talking about excluding the asset from even being scanned which is much different. One big reason I went to the cloud was for security vulnerabilities and I hope lansweeper continues to work this part of it. Another big issue has already been mentioned is vulnerability showing up on computers that have been patched by a later update/patch that included the previous vulnerability. Thanks for your help.

dtracey
Engaged Sweeper II

Is there a way to filter vulnerabilities by operating system ?

Hi @dtracey ,

This is not possible yet, but it is a functionality already in our roadmap (short-term). We will provide the element/s causing a vulnerability(HW, OS, or SW) in a more explanatory way. This will allow easily filtering the vulnerabilities by OS as you are requesting.

dtracey
Engaged Sweeper II

any update on this ?

wcb
Engaged Sweeper III

"whoami" previously suggested custom labels or additional predefined statuses. Along these lines, I would push for a free text field to note a couple of quick details like which security team member is investigating and perhaps a service ticket number from our help desk.

A strict "assign to" of an existing user could be better though as that would be easy to use as a custom filter for the CVE list.

I would also suggest being able to apply the ignore option to individual assets under each CVE as we clear them or find that is a false positive for that asset. Perhaps ignoring the CVE at the top level would mark all currently identified assets as "ignore". This way if another asset later matches on this CVE it is not overlooked. It may not be a false positive for that added asset.