Overview
Info |
---|
Databases sync at least once every 24 hours |
...
You can check the last sync time of vulnerability feeds from the ConnectSecure portal by tapping your avatar icon and then choosing the Vuls Feed Info option.
...
Windows Vulnerability Check
Get the list of cumulative updates and key file versions on the system using OSQuery
Send this to the central server
The central server checks the hotfixes against a curated DB
It finds missing hotfixes and security updates
It finds all vulnerabilities tagged as fixed in those versions
Each application is marked as Microsoft or Non-Microsoft. If Microsoft, then we have a DB of all application versions and the Patch-associated
For Microsoft applications, we run a query for the highest version of patched files and then do a reverse lookup to see which patch it belongs to. We then determine which patches are missing and do a reverse lookup of the vulnerabilities fixed by those versions to display the vulnerabilities.
For Non-Microsoft applications, we convert the app name into the CPE as defined in https://nvd.nist.gov/products/cpe
Once we determine the CPE, we then fetch CVEs by CPE
We then look up the version constraints and, based on that information, get the CVEs for the application
The fixed version is then picked up by querying our patching repo to find the latest version released and provide that as a remediation
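The Non-Microsoft path above (app name to CPE, CVEs by CPE, then version constraints) can be sketched as follows. This is an added example, not ConnectSecure's code: the name normalization, the `FEED` records and the placeholder CVE ids are constructed, and only the range field names follow the NVD CPE match format.

```python
import re

# Constructed sample feed; CVE ids are placeholders, not real entries.
FEED = [
    {"id": "CVE-0000-0001", "criteria": "cpe:2.3:a:example_vendor:example_app:*:*:*:*:*:*:*:*",
     "versionStartIncluding": "2.0", "versionEndExcluding": "2.4.10"},
    {"id": "CVE-0000-0002", "criteria": "cpe:2.3:a:example_vendor:example_app:*:*:*:*:*:*:*:*",
     "versionEndIncluding": "2.4"},
    {"id": "CVE-0000-0003", "criteria": "cpe:2.3:a:example_vendor:example_app:2.4.9:*:*:*:*:*:*:*"},
    {"id": "CVE-0000-0004", "criteria": "cpe:2.3:a:example_vendor:other_app:*:*:*:*:*:*:*:*"},
]

def to_cpe(vendor, product, version="*"):
    """Build a CPE 2.3 string from inventory names (assumed normalization)."""
    norm = lambda s: re.sub(r"[^a-z0-9._-]+", "_", s.strip().lower()).strip("_")
    return f"cpe:2.3:a:{norm(vendor)}:{norm(product)}:{version}:*:*:*:*:*:*:*"

def vkey(version, width=6):
    """Numeric sort key; zero-padded so that 2.4 and 2.4.0 compare equal."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def in_range(version, match):
    """Apply whichever NVD-style range bounds are present on the match record."""
    v = vkey(version)
    bounds = {
        "versionStartIncluding": lambda b: v >= b,
        "versionStartExcluding": lambda b: v > b,
        "versionEndIncluding": lambda b: v <= b,
        "versionEndExcluding": lambda b: v < b,
    }
    return all(test(vkey(match[k])) for k, test in bounds.items() if k in match)

def cves_for(vendor, product, version):
    """Return CVE ids whose CPE and version constraints cover this install."""
    wanted = to_cpe(vendor, product).split(":")[:5]   # part, vendor, product
    hits = []
    for match in FEED:
        fields = match["criteria"].split(":")
        if fields[:5] != wanted:
            continue                                   # different product
        if fields[5] != "*" and vkey(fields[5]) != vkey(version):
            continue                                   # pinned to another version
        if in_range(version, match):
            hits.append(match["id"])
    return sorted(hits)

if __name__ == "__main__":
    print(cves_for("Example Vendor", "Example App", "2.4.9"))
```

The zero-padding in `vkey` matters: without it an installed `2.4.0` would compare as newer than a `versionEndIncluding` bound of `2.4` and the finding would be missed.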