VulnDB integration – Software Vulnerability Management
- We’re very excited to introduce the Software Vulnerability Management [optional paid add-on] to Device42 with the release of v15.17.00. Device42 has partnered with Risk-Based Security (RBS) to integrate VulnDB, a premier software vulnerability database maintained by a dedicated team of research professionals, featuring some of the most comprehensive vulnerability & CVE coverage available – including over 178,000 vulnerabilities that cover more than 18,000 vendors, and over 67,000 vulnerabilities above and beyond those found in the NVD/CVE database.
- In combination with Device42’s industry leading discovery and IT asset management capabilities, users will now enjoy automated software vulnerability detection including detailed vulnerability information with solution information for accelerated remediation.
Software Vulnerability Management with VulnDB adds these powerful new capabilities to Device42:
- View vulnerabilities for discovered software assets
- Identify all devices that contain software affected by a certain vulnerability
- Leverage built-in VulnDB product ratings to identify risky software and to inform purchase decisions
- Remediation solutions and detailed information available for each discovered vulnerability — simply click the vulnerability ID for more info!
- Simply head to the Software Components screen to review vulnerabilities. Get there from the Device42 main menu, Apps → Software → Software Components. Device42’s comprehensive auto-discovery constantly scans for changes to IT infrastructure, which are then referenced against the VulnDB database to quickly locate potential issues. Download Device42 + VulnDB [free for 30 days!] and scan your IT infrastructure for vulnerabilities today!
Enhanced discovery information now available via DOQL
- This release also adds discovery job information to DOQL. A new view has been added for each discovery type available in Device42, and both job names and scores are now available for use in queries and reporting.
- Additionally, the DOQL view view_remotecollector_v1 has been added to allow customers to view details specific to each remote collector, including the RC name, discovery job information, scheduled jobs, and more.
- Tags were not being returned for view_dnszone_v1 and view_dnsrecords_v1. Fixed.
- The OpenBSD agent was not correctly handling hostname precedence when importing devices. Fixed.
- Certificate auto-discovery could fail with error “global name ‘jdsop’ is not defined”. Fixed.