Can we fetch vulnerability details with Cisco AMP using Orbital?
Can we fetch vulnerability details with Cisco AMP using the Orbital feature? If so, can someone please let me know if there is any built-in query, or whether we have to create customized queries to fetch this information for all applicable endpoints?
If there are any customized queries, can someone please share them with us?
When you say fetch vulnerabilities, what exactly are you referring to? If you're talking about software vulnerabilities reported by AMP, you can use the AMP API to pull this information. If you're talking about Microsoft reported vulnerabilities, you can use the "Windows HotFixes Monitoring" Orbital query to pull up a list of KBs installed on the system and determine which vulnerabilities exist based off of that. There are also a few specific CVE queries listed that you can find by searching "CVE" in the Orbital queries.
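The comparison described in the reply above (installed KBs in, missing fixes out), as an added example that is not part of the original thread or Cisco's own code. The `hotfix_id` field name, the CVE-to-KB table and the supersedence table are assumptions, and every KB number and CVE id is a constructed placeholder.

```python
import re

KB_RE = re.compile(r"KB\d+", re.IGNORECASE)

# Constructed sample data: placeholder KB numbers and CVE ids, not real
# Orbital output or real advisories. The "hotfix_id" field name is an assumption.
SAMPLE_ROWS = [{"hotfix_id": "KB9000002"}, {"hotfix_id": "kb9000010 "}, {"hotfix_id": ""}]
SAMPLE_FIXES = {            # CVE -> KBs that fix it
    "CVE-0000-0001": ["KB9000001"],
    "CVE-0000-0002": ["KB9000003"],
    "CVE-0000-0003": ["KB9000010"],
}
SAMPLE_SUPERSEDED_BY = {    # KB -> later KBs that replace it
    "KB9000001": ["KB9000002"],
    "KB9000003": ["KB9000004"],
}

def installed_kbs(rows, id_field="hotfix_id"):
    """Normalise the KB ids found in query result rows."""
    found = set()
    for row in rows:
        match = KB_RE.search(str(row.get(id_field, "")))
        if match:
            found.add(match.group(0).upper())
    return found

def acceptable_kbs(kb, superseded_by):
    """Return kb plus every KB that supersedes it, directly or transitively."""
    seen, stack = set(), [kb]
    while stack:
        current = stack.pop()
        if current not in seen:      # guards against cycles in the mapping
            seen.add(current)
            stack.extend(superseded_by.get(current, []))
    return seen

def missing_fixes(rows, fixes, superseded_by):
    """Map each unpatched CVE to the KBs, any one of which would close it."""
    have = installed_kbs(rows)
    report = {}
    for cve, kbs in fixes.items():
        candidates = set()
        for kb in kbs:
            candidates |= acceptable_kbs(kb, superseded_by)
        if not candidates & have:
            report[cve] = sorted(candidates)
    return report

if __name__ == "__main__":
    print(missing_fixes(SAMPLE_ROWS, SAMPLE_FIXES, SAMPLE_SUPERSEDED_BY))
```

The supersedence step matters because a host that has a later cumulative update installed will not list the older KB named in an advisory, and a plain set difference would flag it as unpatched.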
Thanks Matt. I just need to fetch the complete list of vulnerabilities.
I have a couple of questions.
a) How do we use the AMP API to get the list of all software vulnerabilities? Can you please provide some supporting documentation for running these queries? Also, can we run these queries for a particular group instead of a single machine?
b) With respect to Microsoft vulnerabilities, I ran the "Windows HotFixes Monitoring" query and it gives me a set of KBs. Are these KBs open to vulnerability or just the list of KBs that are installed on the machine?