5 Replies. Latest reply: Jan 18, 2013 9:16 AM by feeeds

    Vulnerability report excluding

    ed87

      I'm tired of getting reports back with vulnerabilities with recommendations like this:

       

      McAfee is currently unaware of a vendor-supplied patch or update

      McAfee Avert Labs is not aware of a vendor-supplied patch/upgrade at this time

       

      I would like to filter these items out of the report.  I assume I can do this using the "Patch Availability" rule in a vulnerability set.  I don't want to exclude vulnerabilities that are configuration issues and therefore have no patch available.

       

      Would I include:

       

      "Patch Availability: Patch Available"

      "Patch Availability: Undetermined"

      "Patch Availability: NA"

       

      and then exclude

      "Patch Availability: No Patch Available"

       

      I'm not sure what the difference between "Undetermined" and "N/A" would be.  Again, I just want to exclude vulnerabilities that I can't do anything about in these reports.  I want to make sure that non-patch related issues, like configuration settings, stay in the report.

       

       

       

        • 1. Re: Vulnerability report excluding

          Hi Ed,

           

          Our R&D team is continually going through the content and trying to update any of the scripts that didn't have a patch when released (which is why they put that text) but do now.  It's an ongoing effort.  In any case where you know a patch is available, you can let us know and we can get them updated as a one (or 2 or 3) off.

           

          In the meantime using the Vulnerability Set should be an option, but I'm currently working an issue that the "Is not Equal to" is not working.  I'm not sure of the cause yet, so of course there isn't any solution (yet). 

           

          If you run into specific problems let me know, and I can update you on the progress of the other issue.

           

          -Cathy

          • 2. Re: Vulnerability report excluding
            ed87

            I'm using 7.0.  I've run 4 test reports that contain the following logic:

             

            1. equals Patch Available

            2. equals No Patch Available

            3. equals Patch NA

            4. equals Patch Undetermined

             

            Despite the fact that I'm running against a machine that has several vulnerabilities where patches are not available, the "equals No Patch available" logic yields zero results.  Most of the vulnerabilities fall under "Patch Undetermined", which clearly state "McAfee is currently unaware of a vendor-supplied patch or update"...would that be "No patch available"?  That seems like something is broken.

             

            Can you explain the logic of how something without a patch becomes patch undetermined?

             

            How reliable is the patch available/not available field?

            • 3. Re: Vulnerability report excluding

              Hi Ed,

               

              Sorry, I think you missed my comment above:

               

              "but I'm currently working an issue that the "Is not Equal to" is not working.  I'm not sure of the cause yet, so of course there isn't any solution (yet)."

               

              I see you confirmed that anyway.

               

              When I get more details and/or a fix for it, I will post the solution here.

               

              -Cathy

              • 4. Re: Vulnerability report excluding
                ed87

                I can work around the "is not equal to" issue, assuming that the patch availability field is accurate.

                 

                For example, instead of writing the logic as "is not equal to: No Patch Available", I could just write:

                 

                is equal to Patch Available

                OR

                is equal to Patch Not Determined

                OR

                is equal to Patch Undetermined

                 

                 

                ...that should yield the same logic.

                • 5. Re: Vulnerability report excluding
                  feeeds

                  Is there an update on this issue?  I have submitted a PER on this issue as well. I would love a second dashboard that only shows vulnerabilities that I can actually remediate (fix). I also asked for the ability to create my own dashboard.