topic Thanks, but the in Endpoint Security

AMP Console - Vulnerable Programs feature

kaustubhmhatre — Fri, 21 Feb 2020 05:29:31 GMT

Hello,

I had a question about the new Vulnerable Programs feature which gives an extremely useful view of all the vulnerable applications on endpoints including the number of computers on which the applications are installed along with the CVSS Score.

This is extremely important information, but unfortunately I don't see any way to export this information into a CSV for reporting/tracking. Is there a way to do this?

Regards,

Kaustubh

Kaustubh, Do you have a

adhogan — Fri, 22 May 2015 21:09:07 GMT

Kaustubh,

Do you have a Defense Center (FireSight Management)? If so, all of the vulnerability data will show up there if it has been linked with your AMP account. The reporting features in the Defense Center make it very easy to export that data. Unfortunately there isn't yet a way to do this from the AMP console.

Thanks, but the

kaustubhmhatre — Fri, 22 May 2015 21:39:18 GMT

Thanks, but the vulnerabilities data in defense center is not the exact same data. It lists down the vulnerabilities based on the information it sees in the packet (e.g OS version etc.) and correlates with its vulnerability DB to list the vulnerabilities associated with the IP/host.

Or am I missing something, is there a way to view the same information as I see it in the AMP console?

Regards,

Kaustubh

That's different.Go to

adhogan — Sat, 23 May 2015 03:59:56 GMT

That's different.

Go to Analysis > Files > Malware Event and then go to the Table View. There will be alerts here for when a vulnerable application is detected by AMP on an endpoint. You can sort/search based on Event Type to find these, though the exact syntax escapes me at the moment.