Review severity settings of policies to make sure you are patching at the scope you want.
The severity level High was added to the Automox console with CSVSSv3, which means you should check if your policies still include the level of patching you are expecting. The scope of Critical has a different range (9.0–10.0). If you require the full span of 7.0–10.0, you must select High in your policy.
Automox CVSSv2 | Automox CVSSv3 |
---|---|
| none (0.0) |
Low (0.0—3.9) | Low (0.0—3.9) |
Medium (4.0—6.9) | Medium (4.0—6.9) |
Critical (7.0—10) | High (7.0—8.9) |
Other (Not scored) | Critical (9.0—10) |
| Unknown |
Note: If an Ubuntu, Red Hat, or Debian-related software package does not have any CVEs associated with it, Automox shows the severity score No Known CVEs.
How to review your policies
Find out if your policies are covering your minimum requirements and adjust the scope.
From the Automox console, go to Manage → Policies.
For each severity-related policy (Advanced and By Severity policies), click the name of the policy to open the Edit Policy page.
The Package Targeting section depends on the type of policy:
For a By Severity policy, select High to include the range 7.0–8.9.
For an Advanced Policy, make sure your rules include Is Greater Than Or Equal To and High to ensure coverage.
Click Save Policy. Repeat for each severity-related policy.
Note: If you have a policy that has Critical selected, we will automatically update your policies to check High. This policy should, however, be updated to reflect the new severity options.
Comments
0 comments
Article is closed for comments.