After you set up and connect your integration for Automated Vulnerability Remediation (AVR), from the Remediations page, you can view remediation reports, create new connections, filter and search for recent reports, and manage configurations.
Prerequisites
You have zone administrator or zone operator permissions for the zone where the devices are located.
Your zone is under a plan that includes automated vulnerability remediations.
Automated Remediations Table
From the main Remediation page, select the Automated tab to view the following data about recent remediations.
Column name | Description |
---|---|
Report | Click the name of the report to view remediation details |
Status | Status of the remediation |
Patchable Vulnerabilities | Shows the number of patchable vulnerabilities |
Rapid7 Solutions | Shows the number of Rapid7 solutions |
Unknown Devices | Shows the number of devices that are unknown |
Updated | Date and time when the report was created |
Actions | Possible actions: |
Filter Panel
Use the filter panel to customize the display of the remediations table.
Column name | Description |
---|---|
Reports | View remediation reports by most recent executions or show historical progress by including previous executions. |
Status | Filter the display to show complete, in-progress, or failed remediations. |
Configuration | Customize your display to search by specific configurations. |
Display Options | Show historical data for the specified grouped configurations or hide grouped configuration to show data listings for all configurations. |
Configurations Table
Select the Configurations tab to view and manage configurations. The table provides the following data. Use the Actions menu to edit a configuration.
Column name | Description |
---|---|
Name | Name of the configuration |
Connection | The connection associated with the configuration |
Rapid7 Asset Tags | All Rapid7 asset tags associated with the configuration |
Rapid7 Vulnerability Scope | Specifies the Rapid7 vulnerability scope type |
Next Scheduled Run | Shows the time and date of the next scheduled run |
Actions | Possible actions: |
Viewing Remediation Details
You can view the Remediation Details page of any report. This provides a detailed view of the specific vulnerabilities affecting your environment and options to remediate them.
From the Automated page, click View Report to open the details page.
Identified vulnerabilities are automatically parsed into three categories:
Patchable Vulnerabilities
Rapid7 Solutions
Unknown Devices
Patchable Vulnerabilities
Patchable Vulnerabilities lists vulnerabilities in packages, grouped by severity. Each package includes the CVEs and the affected devices.
Click Remediate to install and patch the devices without a schedule.
Note:
If the device is online and available, the patch is installed immediately.
If the device is offline or unavailable, the status shows as pending and the device is patched when it becomes available.
If a patch install requires a reboot, this action does not automatically restart the device.
While the remediation is in progress, a status shows which patches are In Progress, Failed, or Success.
Filtering and searching for packages
You can use the filter panel and search bar to search for specific remediations by severity, CVE ID, or KB. You can also search for specific devices within each remediation Devices list.
Rapid7 Solutions
Vulnerabilities that must be remediated using a workflow other than patching, such as configuration changes, are listed under the Rapid7 Solutions tab. Rapid7 supplies information about how to remediate along with the vulnerability data.
Click Remediate With Worklet to view a list of your existing worklet policies to remediate with.
You can use the search bar in the Remediate with Worklet window to find a specific worklet.
Click View Details to review and edit a worklet. A separate browser window opens.
Click Remediate to schedule the worklet.
Filtering and searching for solutions
From the main Rapid7 Solutions page, you can use the filter panel and search bar to search for specific solutions by vulnerability or CVE ID. Click the individual drop-down menus of a solution to search for CVEs, devices, or to view the Fix Details of the Rapid7 solution.
Unknown Devices
The Unknown Devices tab lists devices that do not currently exist in your Automox organization. This information can be used to identify gaps in your environment where the Automox agent is not already installed. The list of device hostnames can be exported and used in a tool like Automox Agent Deployer, which supports automatic deployment to CrowdStrike-managed devices.
Click Export CSV for a list of all unknown devices.
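The following added example (not Automox or Rapid7 code) shows one way to triage the exported list before handing it to a deployment tool: it normalizes and de-duplicates hostnames, then separates devices that another management tool can reach from those that need investigation. The `hostname` column name and the managed-host list are assumptions; adjust them to match your actual export and inventory.

```python
import csv
import io

def normalize(hostname):
    """Trim, lowercase, and drop a trailing dot so duplicates collapse."""
    return hostname.strip().lower().rstrip(".")

def short_name(hostname):
    """First DNS label, used to match FQDNs against short names."""
    return normalize(hostname).split(".", 1)[0]

def triage_unknown_devices(export_csv, managed_hosts, column="hostname"):
    """Split exported unknown devices by whether a deployment tool manages them.

    export_csv: text of the Unknown Devices export (column name is an assumption).
    managed_hosts: hostnames known to the deployment tool, e.g. an EDR host list.
    Returns (deployable, needs_manual) as sorted lists of normalized hostnames.
    """
    reader = csv.DictReader(io.StringIO(export_csv))
    if column not in (reader.fieldnames or []):
        raise ValueError(f"export has no {column!r} column: {reader.fieldnames}")
    managed = {short_name(h) for h in managed_hosts if h.strip()}
    seen, deployable, manual = set(), [], []
    for row in reader:
        host = normalize(row[column] or "")
        key = short_name(host)
        if not host or key in seen:
            continue  # skip empty cells and repeated devices
        seen.add(key)
        (deployable if key in managed else manual).append(host)
    return sorted(deployable), sorted(manual)

# Constructed sample data, not real export output.
SAMPLE_EXPORT = """hostname
WEB-01.corp.example.
web-01
db-02.corp.example

  Build-07
"""
SAMPLE_MANAGED = ["web-01", "BUILD-07.corp.example"]

if __name__ == "__main__":
    ready, manual = triage_unknown_devices(SAMPLE_EXPORT, SAMPLE_MANAGED)
    print("deploy agent via managed tool:", ready)
    print("no management path, investigate:", manual)
```

Matching on the first DNS label treats hosts with the same short name in different domains as one device, so review the deployable list if your environment reuses short names.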