→ 🚀What's New? Explore Lansweeper's Fall 2024 Updates! Fall Launch Blog !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
edu_ayus
Product Team
Product Team

Hi,

We are presenting a new functionality that will help to get visibility on the vulnerabilities affecting a specific asset in your inventory.

The new Security Insights tab available in the asset details will allow you to quickly understand the security threads for any relevant asset.

edu_ayus_0-1670581819405.png

Also, it improves the flow to drill down from a vulnerability to an associated asset and vice versa.

To get more detail on how to use it, visit the following KB article:

https://community.lansweeper.com/t5/cloud/viewing-the-vulnerabilities-affecting-assets/ta-p/64846

Remember to write a comment with any feedback for our vulnerabilities module or just to say how much you like it 😉 !

Thanks.

 

6 REPLIES 6
Michaelzip0
Engaged Sweeper III

is there a way to remove non active devices from the Asset part of the summary? I have assets that have not been scanned since 2021 and locally are not active we are just maintaining a history of them for now but it seems to be messing up my count in this new app. 

Hi @Michaelzip0,

That will be possible when we release the custom views with advanced filtering, expected in Q1'23.

It was already commented in the following post:

https://community.lansweeper.com/t5/forum/new-preview-capability-security-vulnerabilities/m-p/65049#...

Thanks!

FGF358
Engaged Sweeper II

Hi @edu_ayus, is this already possible today to filter the non active devices from the Asset part of the summary?

Hi @FGF358 and @Michaelzip0,

Filter vulnerabilities by asset state was enabled back in January thanks to the functions that enable customizable views.

How to apply this filter?

1. Open the advanced filter's configuration modal from the Active vulnerabilities view. You can do this from:

  • The action area of the left menu (under the "Customize view" action).
  • The button to the right of the local search engine in the upper right corner.

Screenshot 2023-04-26 at 09.34.48.png

2. Configure your filter criteria:

  • Choose the "Asset state" field in the first field dropdown.
  • As the operator, select "Equal to".
  • Select the asset status value you want to filter by, which is most likely "Active".

Screenshot 2023-04-26 at 09.38.48.png

 3. Apply the filter by clicking on the "Apply" button in the modal's footer. The system will apply the filtering instantly, and you will notice how the counters of how many assets are affected by each vulnerability may have changed. Quickly hover over the advanced filters button in the upper right corner to remember the filter criteria applied.

Screenshot 2023-04-26 at 09.42.00.png

4. To see the list of vulnerable assets filtered by the selected asset state, click on the vulnerability that interests you from the "Assets" column. An informative banner will remind you that the listing is being affected by a filter.

Screenshot 2023-04-26 at 09.44.50.png

Bonus tips:

 1. You can export the list of assets affected by a vulnerability filtered by an asset state at this time using the "Export view" action that you will find in the left menu. 

2. If the query for vulnerabilities affecting only assets of a specific state will be recurring, save your custom view privately to return to it quickly and save time on future occasions.

Screenshot 2023-04-26 at 09.50.08.png

3. Once the view is saved, you can share it with all or some of your team members.

Screenshot 2023-04-26 at 09.51.58.png

 

I hope this information helps you!

edu_ayus
Product Team
Product Team

Hi @Hendrik_VE,

- Thanks for the feedback, it is concrete, and it has value for us. I totally agree with it, as I also consider providing visibility of the element in the asset (HW/OS/SW) causing the vulnerability saves time for users pointing them to the key component to review. In fact, I am glad to say this is already in our backlog, and it will become part of Sec. Insights in the coming months. Confirming with messages like yours it will be helpful for users is very nice.

- I reviewed the CVE from your post and it is true Mozilla Firefox ESR is supposed to be fixed with versions >91.3. I see two options two validate:

  • There is no other Firefox distribution installed on the machine (which needs versions >94.0
  • There is a second configuration described on the CVE, related to the Debian distribution, maybe it could apply

edu_ayus_0-1670858365257.png

Once we introduce the functionality described above, it will avoid doing this validation. 🙂

Thanks again for the post, and I hope to see more feedback coming from you. I would also be happy to have a call to continue discussing about Security Insights, just let me know if you are interested.

Regards 

 

Hendrik_VE
Champion Sweeper III

Nice addition. Two remarks though:
- It would be much more useful if it would also point to the vulnerable component in the asset. For instance, the first asset I look at shows a critical (10 score) vulnerability:

Hendrik_VE_0-1670586528582.png

It doesn't tell me where it comes from (in my case I guess it comes from a Mozilla Firefox installation). It would become interesting if you could click on the vulnerability and from there open up a page/get a pop up displaying the affected software/hardware component.

- The CVE tells me the vulnerability is solved in Firefox >91.3 (I have 91.6), so it seems I'm not affected and it's giving me a false sense of insecurity. In order to use the Security Insights module, it's importing that it's giving accurate information.

Hendrik_VE_1-1670586962336.png