Vulnerabilities

Overview

Connect automatically scans your environment for operating system and software vulnerabilities. Within the Vulnerabilities page, you can view CVEs currently impacting your environment prioritized by criticality and quantity of impacted devices, and apply remediations. Vulnerability sources can be Processes, Registry Applications, Store Applications, Drivers, Services, and the Operating System.
 

To access the Vulnerabilities page, click Vulnerabilities in the left navigation bar.
The Vulnerabilities page displays all vulnerabilities (and associated CVE designations) that have been detected on the devices in your environment which are managed by Connect.

Scan for vulnerabilities

To manually initiate a scan of all devices for known vulnerabilities, click Scan at the top of the list on the Vulnerabilities page.

Vulnerability details and risk score

To learn more about a specific vulnerability, click the vulnerability in the list.

In the center pane, the vulnerability contains a Description as well as a PDQ risk score. On the Vulnerabilities page, CVEs are listed in descending order based on this risk score, with the most severe and critical vulnerabilities listed at the top. 

The Risk Score is derived from a combination of the following:

  • CVSS score assigned to the CVE listing
  • Business impact, access levels, and exploitability factors associated with the vulnerability
  • Weaponization (whether the vulnerability is being used by threat actors to attack organizations)

If a Resolution is available for the vulnerability, it will be listed here, as well as References for the CVE from NIST, the application vendor, and any other sources that may be available.

Remediate a vulnerability

PDQ Connect is designed to make it easy for you to select and test a package to remediate the vulnerabilities in your environment. You can make use of packages in our Package Library or a Custom Package of your own design.

On the Vulnerabilities page, select a vulnerability. In the right pane, you will see the Remediation steps (this will be a particular OS or software version), and a list of Impacted devices.

Click Select package to deploy to choose and deploy a package that remediates this vulnerability.

To patch specific devices, select one or more vulnerable devices on the Impacted devices list, and then click Deploy. In the Search packages text box, search for and select a package to remediate the vulnerability, and then click Deploy.

Note that you can click the trash can icon next to either the package or any of the selected devices to remove them from this deployment.

For the most critical updates in your environment, Connect will suggest a package to remediate the vulnerability. For a vulnerability with a suggested resolution, click the button to install the suggested update; the name of the update appears in the text of the button itself.

PDQ recommends testing the suggested remediation and confirming that it resolves the vulnerability in your environment.

Create an automation to remediate a vulnerability

For vulnerabilities with a recommended package, you can click the button to deploy the remediation to one or more machines which are currently showing a Vulnerable status.

But what happens if you know that a particular patch remediates a vulnerable software version, but don't know if every vulnerable machine has been online recently? In order to ensure that any future endpoints which show up with the vulnerable software version are automatically remediated, click the Automate button to create an automation. 

A window will appear which allows you to create an automation which will automatically apply the recommended patch to any devices which contain the vulnerable software version (in this case, a specific version of Mozilla Firefox, v81.0.2). Click Confirm to create the automation. 

Automation settings

The newly created automation will appear on the Automations page (and you can go directly to the automation from the link on the vulnerability page).

Dynamic group settings

The automation will target a dynamic group which contains all devices with the vulnerable software version installed. You can view the settings for this group on the Devices page by clicking the group name (which will begin with the name and version of the affected software) and then clicking Filter.

Accept the risk and ignore a vulnerability

We know how it goes with vulnerability management. Sometimes your organization decides to accept the risk of a particular vulnerability because the remediation would cause a conflict with other business priorities. We recommend making such decisions thoughtfully, and with an eye toward the trade-offs inherent to ignoring a vulnerability which might adversely impact your organization. With your decision-making process in mind, PDQ Connect allows you to ignore a vulnerability for one or all devices.

To ignore a vulnerability for all devices, click the vulnerability on the Vulnerabilities page. At the top of the vulnerability details pane, next to the CVE designation, click the arrow next to its Vulnerable status, and then click Ignore.

 

If you ignore a vulnerability, it will be ignored for all devices, including those currently offline or not yet managed by Connect which may come online later. Ignoring a vulnerability leaves your organization vulnerable to this attack vector for all current and future computers.

To ignore a vulnerability for one or more individual devices, locate the device(s) in the Impacted devices section of a vulnerability listing, click the arrow next to each device's Vulnerable status, and click Ignore for this device.

To stop ignoring a vulnerability for one or more individual devices, select the Ignored filter under Status, locate the device in the Impacted devices section of a vulnerability listing, click the arrow next to each device's Ignored status, and click Stop ignoring for this device.

Filter vulnerabilities

At the top of the vulnerabilities list, click the Filter icon (to the left of the search bar) to filter the vulnerabilities list. 

Click Add filter to add a filter. 

Click Add filter again to add additional filters. Filters will be processed with an AND operator. 

Click the trash can icon to the right of each filter to delete them individually, or click Clear filters to remove all filters.

Click Apply to apply the current filters to the list. 

Filter options

The dropdowns allow you to select a vulnerability attribute and an operator appropriate to its type (text or numerical). For number fields, you may use an integer or a decimal.

The available attributes and corresponding values/types are listed below. 

Attribute                 Values
Affected software         [text string]
CVSS score                [number]
Known exploit             [true/false]
PDQ risk score            [Critical/High/Medium/Low]
Vulnerability name        [text string]
Vulnerability status      [Vulnerable/Ignored/Resolved]
# of impacted devices     [number]

View all Vulnerabilities on a specific device

To view all vulnerabilities and vulnerable software associated with a specific device, do one of the following:

  • Click Devices in the left navigation bar, click a device name, and select the Vulnerabilities tab on the device details page.
  • Click Vulnerabilities in the left navigation bar, click a vulnerability, and click the name of an affected device, which will take you directly to the Vulnerabilities tab on the device details page.

Note that the same Ignore/Stop ignoring for this device options exist for each vulnerability displayed on this tab, and the monitoring status of this vulnerability on this device will be reflected identically on both pages.

In the right pane, under Vulnerable software, you can see any software installed on this device with a known vulnerability, as well as the option to deploy a package to remediate it.
