Are people finding this Risk Insight vulnerability interface in LS Cloud remotely usable?

Taylor · ‎04-02-2024

Setting aside for the moment the constant NVD popup spam, I'm sort of blown away at how unusable the interface is for all of the Lansweeper Cloud Vulnerability content is. The number of fields/columns available at any given level is terribly inconsistent and if you get a layer or two into anything you've lost all of the asset-relevant fields as filter options.

The Risk Insights section ought to be where all the value is and instead its just an endless ghost-chasing exercise. All value there is nullified to zero by the lack of filtering capabilities. It's just all noise and the value add is negative relative to any other approach to this including manual efforts.

99% of the reports and findings are just bloated with stale data from offline endpoints (e.g. laptops, tablets, etc.) and there's zilch in the way of practical filtering that is standard in other software of the sort to filter out endpoints that haven't been scanned in X days.

Dashboard editor is similarly limited and little of it functions as you'd desire. Things scale incorrectly such pie graphs will eat up any scale-up space rather than allowing for the legend/data to be viewable regardless of how large things are sized to be.

At best you can maybe get an idea from the Risk Insights section of potentially vulnerable software and then use the Software section rather than the security sections to do the actual endpoint identification and targeting/evaluation as you can filter there based on a 'last seen' field which is MIA from the Risk Insight module entirely.

Open to anyone's recommendations on how they've managed to squeeze value out of this as it's been a major disappointment so far.

oodos · 4 weeks ago

We found that lansweeper does not understand when patches are back ported and updated on many linux versions. ubuntu debian rhel centos rocky. we can update a server to the lastest version and still see 700 vulnerabilities on one system in some cases. other situations show 24 when there is only 1. it looks like we are not patching the systems when customers see their weekly or monthly report. we reported this around november 2023 and it is still not fixed.

we would like a way to disable vulnerability reporting based on the detected operating system , for example , if operating system = ubuntu then just report as "unable to assess" . at least the vulnerability reporting for windows systems is quite a bit better.

as for the content of the vulnerability web reports everyone we sent them to asked how can we used that ? what does it mean? to make the information useful we used the api to get the cve then did a lookup of the risk score https://www.first.org/epss/model to prioritise the vulnerabilities then from the CVE extracted the name of the software or manufacturer from the CVE as a tag . this enabled us to produce a report indicating the software needing updates and an actual indicator of risk . this is enough information for the person getting the report to know what application or operating system needs updating on what system and to do those with the highest epss score first.

twmackenzie · ‎04-03-2024

Hi @Taylor,

Thanks for your honest feedback across the multiple points you have mentioned. The user experience of Risk Insights has been a topic of discussion for us over the past weeks. Our head of UX, Claudio, is particularly passionate about making some changes in this area.

I'd like to connect you with Claudio and Maria, the Product Manager for Risk Insights, to further explore what you have brought up here. I'll send you a direct message shortly to arrange a meeting.

On that note, if anyone else has feedback, please do send it to us!

Thanks,
Thomas

Are people finding this Risk Insight vulnerability interface in LS Cloud remotely usable?

New to Lansweeper?

Try Lansweeper For Free