This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

New Preview Capability - Security Vulnerabilities

IainCaldwell
Lansweeper Employee
Lansweeper Employee

‎07-08-2022 10:11 AM - last edited on ‎06-14-2023 08:04 PM by

Lansweeper is delighted to announce new capabilities in the security vulnerabilities space. Building on the foundations of our world-class scanning technology Lansweeper has enhanced our software scanning to normalize and enrich with NIST standard naming and identification. This enables Lansweeper to offer value add capabilities matching clients' software against NIST vulnerabilities databases.

This is a preview feature and will be iterated frequently over the next few months before the official release. Please use this space to give suggestions +ve or -ve to help us improve the product.

78 REPLIES 78
rom
Champion Sweeper III
In response to Tyler

‎05-17-2023 07:33 PM - edited ‎05-17-2023 07:36 PM

Yah... I check the insights every now and then in my lab to doublecheck them - I think* that these vulns reported don't work with supercedence/rollups - at least thats what I seem to find when I check this section of features.  I did just check CVE-2023-28250 which showed a remedy of April's patch, which I didn't have installed at the time of checking, so I patched with that patch...  then i patched with May's that came out recently, and it still reported as vulnerable.  I did notice that on-prem had the April patch as installed, then uninstalled/May patch installed (normal behavior to see the minus sign on old patch when plus sign new patch is there) - but the cloud doesn't show the April patch as ever being installed - it just kinda goes to May's when I synced the asset.  Soooooo - that leads me to believe that it 1) doesn't handle supercendence until someone on LS side/team updates the checks(??)  i'm not sure... but then 2) the cloud isn't accurately reporting the quickfix history...   so either one of those two scenarios could result in the report being inaccurate.

 

Capture.JPGCapture2.JPG

SSR
Engaged Sweeper

‎04-12-2023 11:14 AM

Any  near time improvement in the way vulnerabilities reports are presented  with able export Asset details along with CVSS in a user friendly manner than a mannual task of looking in to each CVSS.

Cole
Engaged Sweeper II

‎03-21-2023 02:02 PM

Is there a way to Ignore an asset from vulnerability scanning? We have some old XP, 7 machines that control equipment that can't be upgraded/patched. I don't want to remove the vulnerability from scanning other machines.

edu_ayus
Product Team
Product Team
In response to Cole

‎03-23-2023 09:34 AM

@Cole , as I mentioned below to dtracey, we are adding the vulnerabilities cause in a more comprehensive way. That, for example, will allow filtering by OS the vulnerabilities view. Another way to filter them, which you can already apply, is defining a state for those assets (e.g. EOL_asset) and creating a customize view filtering that state  (using the asset state filter).

I hope this helps you.

ajlangendijk
Engaged Sweeper III
In response to edu_ayus

‎04-05-2023 11:41 AM

Hi, I must agree that Lansweeper should not show a machine as vulnerable that has been patched by a cumulative update. When will this be fixed?

Cole
Engaged Sweeper II
In response to edu_ayus

‎03-24-2023 01:27 PM

edu_ayus, well filtering thru a report is one thing, but I am more talking about excluding the asset from even being scanned which is much different. One big reason I went to the cloud was for security vulnerabilities and I hope lansweeper continues to work this part of it. Another big issue has already been mentioned is vulnerability showing up on computers that have been patched by a later update/patch that included the previous vulnerability. Thanks for your help.

0 Kudos
dtracey
Engaged Sweeper II

‎03-14-2023 09:58 PM

Is there a way to filter vulnerabilities by operating system ?

edu_ayus
Product Team
Product Team
In response to dtracey

‎03-15-2023 01:58 PM

Hi @dtracey ,

This is not possible yet, but it is a functionality already in our roadmap (short-term). We will provide the element/s causing a vulnerability(HW, OS, or SW) in a more explanatory way. This will allow easily filtering the vulnerabilities by OS as you are requesting.

dtracey
Engaged Sweeper II
In response to edu_ayus

‎05-09-2023 01:39 PM

any update on this ?

0 Kudos
wcb
Engaged Sweeper III

‎02-28-2023 07:01 PM

"whoami" previously suggested custom labels or additional predefined statuses. Along these lines, I would push for a free text field to note a couple of quick details like which security team member is investigating and perhaps a service ticket number from our help desk.

A strict "assign to" of an existing user could be better though as that would be easy to use as a custom filter for the CVE list.

I would also suggest being able to apply the ignore option to individual assets under each CVE as we clear them or find that is a false positive for that asset. Perhaps ignoring the CVE at the top level would mark all currently identified assets as "ignore". This way if another asset later matches on this CVE it is not overlooked. It may not be a false positive for that added asset.

Product Discussions

Share feedback, exchange ideas and find answers to Lansweeper product questions.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now