This feature is in Beta, and will be generally available later this month.
We appreciate your interest, but the Beta is full at this time.
Overview
Connect automatically scans your environment for operating system and software vulnerabilities. Within the Vulnerabilities page, you can view CVEs currently impacting your environment prioritized by criticality and quantity of impacted devices, and apply remediations.
To access the Vulnerabilities page, click Vulnerabilities in the left navigation bar.
The Vulnerabilities page displays all vulnerabilities (and associated CVE designations) that have been detected on the devices in your environment which are managed by Connect.
Scan for vulnerabilities
To manually initiate a scan of all devices for known vulnerabilities, click Scan at the top of the list on the Vulnerabilities page.
Vulnerability details and risk score
To learn more about a specific vulnerability, click the vulnerability in the list.
In the center pane, the vulnerability contains a Description as well as a PDQ risk score. On the Vulnerabilities page, CVEs are listed in descending order based on this risk score, with the most severe and critical vulnerabilities listed at the top.
The Risk Score is is derived from a combination of the following:
- CVSS score assigned to the CVE listing
- Business impact, access levels, and exploitability factors associated with the vulnerability.
- Weaponization (is the vulnerability being used by threat actors to attack organizations)
If a Resolution is available for the vulnerability, it will be listed here, as well as References for the CVE from NIST, the application vendor, and any other sources that may be available.
Remediate a vulnerability
PDQ Connect is designed to make it easy for you to select and test a package to remediate the vulnerabilities in your environment. You can make use of packages in our Package Library or a Custom Package of your own design.
On the Vulnerabilities page, select a vulnerability. In the right pane, you will see the Affected applications (this will be a particular OS or software version), and a list of Impacted devices.
Click the button to Select package to deploy to select and deploy a package to remediate this vulnerability.
To patch specific devices, select one or more Vulnerable devices on the Impacted devices list, and then click Deploy. In the Search packages text box, search for and select a package to remediate the vulnerability, and then click Deploy.
Note than you can click the trash can icon next to either the package or any of the selected devices to remove them from this deployment.
For the most critical updates in your environment, Connect will suggest a package to remediate this vulnerability. For a vulnerability with a suggested resolution, click the button to install the suggested update, which will appear in the text of the button itself.
PDQ recommends testing the suggested remediation and confirming that it resolves the vulnerability in your environment.
Accept the risk and ignore a vulnerability
We know how it goes with vulnerability management. Sometimes your organization decides to accept the risk of a particular vulnerability because the remediation would cause a conflict with other business priorities. We recommend making such decisions thoughtfully, and with an eye toward the trade-offs inherent to ignoring a vulnerability which might adversely impact your organization. With your decisionmaking process in mind, PDQ Connect allows you to ignore a vulnerability for one or all devices.
To ignore a vulnerability for all devices, click the vulnerability on the Vulnerabilities page. At the top of the vulnerability details pane, next to the CVE designation, click the arrow next to its Vulnerable status, and then click Ignore.
If you ignore a vulnerability, it will be ignored for all devices, including those currently offline or not yet managed by Connect which may come online later. Ignoring a vulnerability leaves your organization vulnerable to this attack vector for all current and future computers.
To ignore a vulnerability for one or more individual devices, locate the device(s) in the Impacted devices section of a vulnerability listing, click the arrow next to each device's Vulnerable status, and click Ignore for this device.
To stop ignoring a vulnerability for one or more individual devices, locate the device in the Impacted devices section of a vulnerability listing, click the arrow next to each device's Ignored status, and click Stop ignoring for this device.
View all Vulnerabilities on a specific device
To view all vulnerabilities and vulnerable software associated with a specific device, do one of the following:
- Click Devices in the left navigation bar, click a device name, and select the Vulnerabilities tab on the device details page.
- Click Vulnerabilities in the left navigation bar, click a vulnerability, and click the name of an affected device, which will take you directly to the Vulnerabilities tab on the device details page.
Note that the same Ignore/Stop ignoring for this device options exist for each vulnerability displayed on this tab, and the monitoring status of this vulnerability on this device will be reflected identically on both pages.
In the right pane, under Vulnerable software, you can see any software installed on this device with a known vulnerability, as well as the option to deploy a package to remediate it.