Overview
To be able to detect vulnerabilities, agents collect a list of installed applications and send it anonymously to the central server.
The central server maintains a global vulnerability database built from publicly available CVE repositories. This database is later cross-correlated with the agent’s application inventory data.
The global vulnerability database is created automatically, currently pulling data from the following repositories:
https://canonical.com: Used to pull CVEs for Ubuntu Linux distributions.
https://www.redhat.com: Used to pull CVEs for Red Hat and CentOS Linux distributions.
https://www.debian.org: Used to pull CVEs for Debian Linux distributions.
https://nvd.nist.gov: Used to pull CVEs from the National Vulnerability Database.
https://msrc.microsoft.com: Used to pull Microsoft CVEs.
Manual curation by the ConnectSecure team(s) to fix inaccuracies.
Once the global vulnerability database (with the CVEs) is created, the detection process looks for vulnerable packages in the inventory databases (unique per agent).
Alerts are generated when a CVE (Common Vulnerabilities and Exposures) affects a package known to be installed on one of the monitored servers.
A package is labeled as vulnerable when its version is contained within the affected range of a CVE. The results are presented in the instance together with the remediations.
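The range check described above, as an added example that is not ConnectSecure's code. It assumes plain dotted numeric versions and uses the NVD feed's range field names (versionStartIncluding, versionEndExcluding and so on); the package names, agent names and CVE ids are constructed placeholders, and distribution-specific version schemes (dpkg, rpm) are out of scope.

```python
import re

# Constructed CVE records: affected ranges per package (placeholder CVE ids).
CVE_DB = {
    "examplelib": [
        {"cve": "CVE-0000-0001", "versionStartIncluding": "1.2",
         "versionEndExcluding": "1.4.2"},
        {"cve": "CVE-0000-0002", "versionEndIncluding": "1.10"},
    ],
}
# Constructed per-agent inventories: package name -> installed version.
INVENTORY = {
    "agent-a": {"examplelib": "1.4.1", "othertool": "3.0"},
    "agent-b": {"examplelib": "1.4.2"},
    "agent-c": {"examplelib": "1.11.0"},   # string compare would wrongly sort this below 1.4.2
    "agent-d": {"examplelib": "1.3-beta"}, # not parseable by this simplified scheme
}

def parse_version(v):
    """Turn '1.4.2' into (1, 4, 2); trailing zeros are dropped so 1.2.0 == 1.2."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unsupported version format: {v!r}")
    parts = [int(p) for p in v.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def in_range(version, rule):
    """True when version satisfies every bound present in the rule."""
    v = parse_version(version)
    checks = {
        "versionStartIncluding": lambda b: v >= b,
        "versionStartExcluding": lambda b: v > b,
        "versionEndIncluding": lambda b: v <= b,
        "versionEndExcluding": lambda b: v < b,
    }
    return all(t(parse_version(rule[k])) for k, t in checks.items() if k in rule)

def correlate(inventory, cve_db):
    """Return (agent, package, version, cve, status) for every match."""
    findings = []
    for agent, packages in inventory.items():
        for name, version in packages.items():
            for rule in cve_db.get(name, []):
                try:
                    status = "vulnerable" if in_range(version, rule) else None
                except ValueError:
                    status = "unverified"  # surface it instead of silently passing
                if status:
                    findings.append((agent, name, version, rule["cve"], status))
    return findings
```

Versions that cannot be parsed are reported as unverified rather than treated as safe, so a format mismatch between inventory and feed does not hide a finding.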
You can check the last sync time of vulnerability feeds from the ConnectSecure portal by tapping your avatar icon and then choosing the Vuls Feed Info option.
Zero-Day Identification and Prioritization
ConnectSecure’s backend team continuously monitors trusted sources such as CISA KEV, MITRE, and vendor advisories to identify and assess zero-day vulnerabilities.
Each zero-day is prioritized based on potential impact, exploit activity, and relevance to affected systems. This ensures that high-risk vulnerabilities receive immediate attention before an official vendor patch is released.
Signature / Plugin Update Process
Once a vendor releases an official fix, ConnectSecure updates its vulnerability database within 12–24 hours.
The updated information reflects:
Affected software versions
Patch availability
Recommended remediation steps
Customers are promptly advised to update to the latest secure release to ensure complete protection.
Detection Update Turnaround Time
ConnectSecure maintains continuous synchronization with MSRC, NVD, and other major vendor advisories.
This ensures that the platform detects and reflects newly released vulnerabilities as soon as vendors publish their updates.
Typical update turnaround time is 24–30 hours following Microsoft’s Patch Tuesday or other major vendor patch cycles.
Best Practices and Interim Monitoring
ConnectSecure alerts customers as soon as a zero-day vulnerability is identified and recommends using the alert and ticketing system.
Until an official vendor patch is released, customers are advised to:
Limit exposure by restricting access to affected systems
Apply protective measures such as firewalls and network segmentation
Enforce access restrictions to minimize potential impact
Communication and Notification
The preferred communication channel is the integrated ticketing system (PSA), which ensures:
Automatic ticket creation for each relevant vulnerability
Clear tracking and escalation of remediation tasks
Timely updates as new detections or patches become available