Lansweeper is delighted to announce new capabilities in the security vulnerabilities space. Building on the foundations of our world-class scanning technology Lansweeper has enhanced our software scanning to normalize and enrich with NIST standard naming and identification. This enables Lansweeper to offer value add capabilities matching clients' software against NIST vulnerabilities databases.
This is a preview feature and will be iterated frequently over the next few months before the official release. Please use this space to give suggestions +ve or -ve to help us improve the product.
@Bernd Thanks for the feedback. I'll take each point in turn and hopefully help 🙂
1) View the CVE - there is a new item on the cloud menu that looks like a shield with an exclamation mark in the middle (labelled Security Insights). When you go into that you should have a list of vulnerabilities that relate to your assets. The view is from a vulnerabilities perspective (rather than a list of assets that may or may not have vulnerabilities). The list view has CVE on the far left with a bit of description etc + a total number of assets. When you click the assets, it routes to a page of all the assets potentially at risk, however, if you click on the CVE it takes you to the CVE details page giving all the details of the vulnerability provided by NIST giving the CVE score along with criticality and a list of other references (one of which may have 'PATCH' as the resource). Where you see PATCH its likely if you follow the link that its going to go to the publishers web site and you'll see the availability of a patch - this won't be the case for all as some don't have patches yet or maybe the vulnerability is a file level config item.
Hopefully this directs you to the details of the vulnerability. Its worth mentioning that you'll need to have at least 10.2.2 installed to start seeing this (in the future the on prem version should have less impact, but for now to get the data flowing we need that).
If this isn't helping just come back on the thread and I'll see if we can get a better answer.
2 - slice&dice. We are in the process of trialling a new feature to allow filters, field changes and extraction of data from our list view screens. This is currently in beta on the std inventory screen (there is a post on joining the beta program if you are interested). When finished this will be rolled out to the other list view screens including vulnerabilities.
3 - Asset not online for a few days. Might need you to give me a bit more info on what you need here. I think you are saying you want to be able to see assets that have been online but still have a vulnerability that you thought you'd patched for (think I'm wording that badly....so please restate and see if I manage to understand)
Again thanks for the feedback, feel free to add to the thread.
Finally, if this is a space you are very interested in and think you could give active feedback to improve, feel free to request being added to the customer voice program on this topic
@Kahran78 first info back from engineering is telling me its a limitation of the data feed from nist eg it would say windows_server_2016 it didn't get more granular.
Will do some more digging.
One of the items we were planning was a way to do a bulk ignore... Maybe a short term solution might be we have a value for status of either open/closed/ignore. With that and a way to bulk update they're would be a way stop seeing items that are no longer relevant
Will continue to look into but welcome your thoughts
Very interesting feature.
However I see that it shows a lot of Windows vulnerabilities that in our environment have been solved installing subsequent Windows 'cumulative updates', which include fixes from previous updates.
My impression is that in this moment Lansweeper don't recognize the vulnerability as solved if it doesn't find on the PC the specific KB update used by Microsoft to solve the CVE the first time. It should recognize that the subsequent cumulative updates resolve the problem as well.
Am I wrong? Sorry for the bad english
Totally agree that this is a potential game changer! However at its current setup it is useless for me.