Overview
To be able to detect vulnerabilities, agents collect a list of installed applications and send it anonymously to the central server.
The central server maintains a global vulnerability database built from publicly available CVE repositories. This database is later cross-correlated with the agent’s application inventory data.
The global vulnerability database is created automatically, currently pulling data from the following repositories:
https://canonical.com: Used to pull CVEs for Ubuntu Linux distributions.
https://www.redhat.com: Used to pull CVEs for Red Hat and CentOS Linux distributions.
https://www.debian.org: Used to pull CVEs for Debian Linux distributions.
https://nvd.nist.gov: Used to pull CVEs from the National Vulnerability Database.
https://msrc.microsoft.com: Used to pull Microsoft CVEs.
Manual curation by the ConnectSecure team(s) to fix inaccuracies.
Once the global vulnerability database (with the CVEs) is created, the detection process looks for vulnerable packages in the inventory databases (unique per agent).
Alerts are generated when a CVE (Common Vulnerabilities and Exposures) affects a package known to be installed on one of the monitored servers.
A package is labeled as vulnerable when its version is contained within the affected range of a CVE. The results are presented in the instance together with the remediations.
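The range check described above, as an added example that is not ConnectSecure's own code. The feed layout, field names (`introduced`, `fixed`), package names and CVE ids are constructed placeholders, and the version comparison is a numeric simplification.

```python
import re

# Constructed sample data: package names, versions and CVE ids are placeholders.
FEED = [
    {"id": "CVE-EXAMPLE-0001", "package": "libexample", "introduced": "1.1.0", "fixed": "1.1.10"},
    {"id": "CVE-EXAMPLE-0002", "package": "exampled", "introduced": None, "fixed": "1.18.2"},
]
INVENTORY = {  # one inventory per agent
    "agent-a": {"libexample": "1.1.9", "exampled": "1.18.2"},
    "agent-b": {"libexample": "1.1.10", "exampled": "1.4.6"},
}

def version_key(version, width=6):
    """Turn '1.10.2' into (1, 10, 2, 0, 0, 0) so that 1.10 sorts after 1.9.

    Simplification: only numeric components are compared. Real dpkg and RPM
    version strings (epochs, '~', release suffixes) need their own comparators.
    """
    parts = [int(p) for p in re.findall(r"\d+", version)]
    return tuple(parts + [0] * (width - len(parts)))

def is_affected(version, cve):
    """True when introduced <= version < fixed (a bound of None is open)."""
    v = version_key(version)
    if cve["introduced"] is not None and v < version_key(cve["introduced"]):
        return False
    if cve["fixed"] is not None and v >= version_key(cve["fixed"]):
        return False
    return True

def detect(inventory, feed):
    """Cross-correlate every agent inventory with the CVE feed."""
    alerts = []
    for agent, packages in inventory.items():
        for name, version in packages.items():
            for cve in feed:
                if cve["package"] == name and is_affected(version, cve):
                    fix = cve["fixed"]
                    alerts.append({
                        "agent": agent, "package": name, "version": version,
                        "cve": cve["id"],
                        "remediation": f"upgrade {name} to {fix} or later" if fix else "no fix listed",
                    })
    return alerts

if __name__ == "__main__":
    for alert in detect(INVENTORY, FEED):
        print(alert)
```

A plain string comparison would rank 1.1.9 above 1.1.10 and miss the first finding, which is why the versions are compared component by component.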
You can check the last sync time of vulnerability feeds from the ConnectSecure portal by tapping your avatar icon and then choosing the Vuls Feed Info option.