After you set up and connect your integration for Automated Vulnerability Remediation (AVR), you can use the Remediations page to view remediation reports, create new connections, filter and search for recent reports, and manage configurations.
Prerequisites
You have zone administrator or zone operator permissions for the zone where the devices are located.
Your zone is under a plan that includes automated vulnerability remediations.
Automated Remediations Table
From the main Remediation page, select the Automated tab to view the following data about recent remediations.
Column name | Description |
---|---|
Report | Click View Report to view remediation details. |
Status | This shows the status of the remediation. |
Configuration | Click the name to view the configuration associated with the selected report. |
Patchable Vulnerabilities | This shows the number of patchable vulnerabilities. |
Rapid7 Solutions | This shows the number of Rapid7 solutions. |
Unknown Devices | This shows the number of devices that are unknown (they do not currently exist in your Automox account). |
Updated | This shows the date and time when the report was created. |
Actions | Possible actions: |
Filter Panel
The filter panel is made up of different options to customize the display of the remediations table. You can clear selections individually or select Clear All to reset the panel to the default settings.
Reports Filter
By default, the table shows all reports generated for each configuration. The default filter selection is Include previous executions.
Select Show latest executions only to list only the most recently generated report for each configuration.
Status Filter
To filter the list of reports by status, select one or more of the following options:
Ready To View: The details of these reports are available.
Building: The report is in progress.
Error: If the remediation fails, the report is listed with this status.
Configuration Filter
You can filter the list to show only reports for a specific configuration. From the configuration drop-down menu, you can search by name and select the configuration.
Display Options
This filter allows you to group the reports by configuration.
Select Sort Groups by and choose from the options to show reports in the order you want:
Latest Update (Asc): Show reports by latest update in ascending order (↑, oldest first).
Latest Update (Desc): Show reports by latest update in descending order (↓, newest first).
Name (Asc): Show reports by configuration name in ascending (A to Z) order.
Name (Desc): Show reports by configuration name in descending (Z to A) order.
Clear the Group by configuration checkbox to show data listings for all configurations. When this is cleared, the Configuration column reappears in the table.
Configurations Table
Select the Configurations tab to view and manage configurations. Use the Actions menu to edit a configuration. The table provides the following data.
Column name | Description |
---|---|
Name | This is the name of the configuration. |
Connection | This is the connection associated with the configuration. |
Rapid7 Asset Tags | This lists all Rapid7 asset tags associated with the configuration. |
Rapid7 Vulnerability Scope | This specifies the Rapid7 vulnerability scope type, which can be: |
Next Scheduled Run | This shows the time and date of the next scheduled run. |
Actions | Possible actions: |
Viewing Remediation Details
You can view the Remediation Details page of any report. This provides a detailed view of the specific vulnerabilities affecting your environment and options to remediate them.
From the Automated page, click View Report to open the details page.
Identified vulnerabilities are automatically parsed into three categories:
Patchable Vulnerabilities
Rapid7 Solutions
Unknown Devices
Patchable Vulnerabilities
The Patchable Vulnerabilities tab lists vulnerabilities in packages, grouped by severity. Each package lists its CVEs and affected devices.
Note:
Automox now includes severity data for native macOS packages. However, applications that are included with macOS are updated as part of the OS update. For example, App Store would be updated when you install the macOS update. For more information, see macOS Best Practices: Patch Notifications & CVEs.
Click Remediate to install the patches on the devices without a schedule.
Note:
If the device is online and available, the patch is installed immediately.
If the device is offline or unavailable, the status shows as pending and the device is patched when it becomes available.
If a patch install requires a reboot, this action will not automatically restart a device.
While the remediation is in progress, a status shows which patches are In Progress, Failed, or Success.
Filtering and searching for packages
You can use the filter panel and search bar to search for specific remediations by severity, CVE ID, or KB. You can also search for specific devices within each remediation's Devices list.
Rapid7 Solutions
Vulnerabilities that must be remediated using a workflow other than patching, such as configuration changes, are listed under the Rapid7 Solutions tab. Rapid7 supplies remediation guidance along with the vulnerability data. See also Rapid7 plugin listings.
Click Remediate With Worklet to view a list of your existing worklet policies that you can use to remediate vulnerabilities.
You can use the search bar in the Remediate with Worklet window to find a specific worklet.
Click View Details to review and edit a worklet. A separate browser window opens.
Click Remediate to schedule the worklet.
Filtering and searching for solutions
From the main Rapid7 Solutions page, you can use the filter panel and search bar to search for specific solutions by vulnerability or CVE ID. Click the individual drop-down menus of a solution to search for CVEs or devices, or to view the Fix Details of the Rapid7 solution.
Unknown Devices
The Unknown Devices tab lists devices that are enrolled in Rapid7, but cannot be found in your Automox account. This information can be used to identify gaps in your environment where the Automox agent is not already installed. The list of device hostnames can be exported and used in a tool like Automox Agent Deployer, which supports automatic deployment to CrowdStrike-managed devices.
Click Export CSV for a list of all unknown devices.