Deploying a security fix
Cyberwatch offers patch management. The patching view of an asset lists all the present vulnerabilities with their patch. Deploying a security fix on a vulnerability can fix several vulnerabilities.
Manually apply a corrective action
Corrective actions with the status “To be processed manually” occur on software whose automatic patching is not supported by Cyberwatch.
For such applications, two actions are possible:
- Uninstalling the software either manually or directly through Cyberwatch.
- Manually patching the software by connecting to the relevant asset.
Dependency Management
- Linux: If these patches have dependencies, they will also be installed when the patch is deployed.
- Windows: The patch can be a Microsoft cumulative update.
Deploying a security fix from the page of an asset
- Click on Inventory
- Choose the concerned asset
- In the page dedicated to the asset, click on the “Patch management” tab
- Check the security fixes you want to deploy
- Click on the “Schedule selected fixes” button
- Choose the deploying period allowed for the deployment, and confirm with the “Schedule selected fixes” button
Deploying a security fix from the page of a vulnerability
- Click on Vulnerabilities Encyclopedia
- Choose the concerned vulnerability
- In the page dedicated to the vulnerability, check the assets on which you want to deploy the security fixes
- Click on the caret right to the “Ignore and comment” button
- Click on “Schedule selected fixes”
- Choose the deploying period allowed for the deployment, and confirm with the “Schedule selected fixes” button
Uninstalling a package or an application
- Click on Inventory
- Choose the concerned asset
- In the page dedicated to the asset, click on the technologies tab
- Find the package/application in the list
- Click on the deletion button at the end of the line and confirm the uninstallation request.
Deleting an executable
- Click on Inventory
- Choose the concerned asset
- In the page dedicated to the asset, click on the technologies tab
- Find the executable in the list
- Click on the deletion button at the end of the line and confirm the request.
This deletion will not modify any configuration or additional files used by this executable, and such files must be deleted by you, outside of Cyberwatch.
Enabling the deployment of corrective actions for Microsoft KBs from Cyberwatch
To apply corrective actions for Windows and Microsoft applications, Cyberwatch deploys Microsoft KBs part of one of these three type:
- Security updates
- Critical updates
- Monthly roll ups
In order to enable Cyberwatch to apply these updates, the WSUS has to be configured to automatically approve updates belonging to one of the above classifications.
Official documentation on how to configure these automatic approvals.
List of software covered by the Patch Management module or uninstallable
- Linux: any software installed with the package manager of the distribution can be patched or uninstalled
- Windows:
| Uninstall | Patch | |
|---|---|---|
| Microsoft software (supported by security KBs) | ✓ | |
| Adobe Acrobat | ✓ | |
| Adobe Flash | ✓ | |
| Google Chrome | ✓ | |
| Gimp | ✓ | |
| iTunes | ✓ | |
| JAVA | ✓ | |
| KeePass | ✓ | |
| LibreOffice | ✓ | |
| Putty | ✓ | |
| Thunderbird | ✓ | |
| VirtualBox | ✓ | |
| VLC | ✓ | |
| Wireshark | ✓ | |
| 7-Zip | ✓ |