Configuration guide: Application vulnerability management

Prerequisites

This library pack contains content from the following required expansion products:

Some of these products offer default access to their respective content and can still be used without expansion products.

Refer to the Nexthink Infinity thresholds and limits overview documentation for more information about default thresholds for expansion products.

Included content and dependencies

This library pack contains the following content and dependencies:

| Type | Name | Description | Dependencies |
|---|---|---|---|
| | Application vulnerability management | The Application Vulnerability Management dashboard acts as a central point for the manual tagging of vulnerable binaries and monitoring the execution of these binaries on devices. | N/A |
| | Vulnerable application removal assessment | This automated workflow will trigger a campaign based on the following criteria: The vulnerable product has a safe version; The vulnerable product has a safe replacement application with similar functionality; The vulnerable product does not have a safe version or replacement application. The results of these campaigns will then be available on the Remediation progress tab of the Application vulnerability management dashboard. | N/A |
| | Remove vulnerable application – Prompt | This campaign informs users that a vulnerable product has been detected on their device and asks for permission to remove it. | N/A |
| | Replace vulnerable application - Prompt | This campaign alerts users to the presence of a vulnerable product on their device and requests permission to remove it. It also suggests an alternative application and provides its name. | N/A |
| | Update vulnerable application - Invoke | The campaign encourages users to update an application when the installed version contains a known security vulnerability. The campaign directs users to either install the approved version from the organization’s application store or request support if they still require the current version. | N/A |
| | Notify vulnerable application ticket creation – Completed | This campaign informs users who have chosen to retain a vulnerable application that an ITSM ticket has been created, displaying the relevant ticket number. | N/A |
| | Vulnerable | This manual custom field is used to indicate whether a specific binary version is considered vulnerable. It should be populated with a 'Yes' value if your vulnerability detection report indicates this. | N/A |
| | Vulnerability severity | This manual custom field indicates the severity level of a vulnerability affecting a specific binary version. It should be populated based on information from your vulnerability detection report and can contain one of the following text values: "Low", "Mid", or "High". | N/A |
| | Vulnerability exploitability | This manual custom field indicates whether the vulnerability affecting a specific binary version is known to be exploitable. It should be populated with "Yes" or "No" based on information from your vulnerability detection report. If exploitability is unknown or not specified, the field may remain empty. | N/A |
| | Replacement application | This manual custom field is used to indicate whether a replacement application is available for a vulnerable application. The replacement application name should be entered here. If no replacement is available, the field should be left empty. | N/A |
| | Replacement application link | This manual custom field may contain a link to an alternative application available on your organization’s internal self-service portal. It is used when a vulnerable application should be replaced rather than updated. The link should be entered without the https:// prefix. | N/A |
| | Safe version | This manual custom field indicates the version of the application that is considered safe and not affected by the vulnerability. It should contain the version number as text based on your vulnerability detection report. If no safe version is available or specified, the field may remain empty. | N/A |
| | Safe version link | This manual custom field may contain a link to the safe version of the application available on your organization’s internal self-service portal. It should be populated when a vulnerable application can be upgraded. The link should be entered without the https:// prefix. | N/A |
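
The following Python example is added here and is not part of the Nexthink library pack. It checks one row of a vulnerability detection report against the value rules given above for the manual custom fields before the values are entered. The dict row layout, the rejection of non-https link schemes, and the mapping of the workflow's three criteria to the Update, Replace and Remove campaigns (including their order of precedence) are assumptions.

```python
"""Pre-check a vulnerability report row before tagging a binary by hand."""

SEVERITIES = {"low": "Low", "mid": "Mid", "high": "High"}
YES_NO = {"yes": "Yes", "no": "No"}
# Constructed sample row; the host name and version are made up.
SAMPLE = {"Vulnerable": "yes", "Vulnerability severity": "HIGH",
          "Safe version": "2.4.1",
          "Safe version link": "https://portal.example.com/apps/viewer"}


def strip_scheme(link: str) -> str:
    """Links are entered without the https:// prefix.
    Treating any other scheme as an input error is a choice of this example."""
    link = link.strip()
    if link.lower().startswith("https://"):
        return link[len("https://"):]
    if "://" in link:
        raise ValueError(f"unexpected scheme in link: {link!r}")
    return link


def normalize(row: dict) -> dict:
    """Return the field values in the form the field descriptions require."""
    def get(key: str) -> str:
        return (row.get(key) or "").strip()
    if get("Vulnerable").lower() != "yes":
        raise ValueError("only binaries reported as vulnerable are tagged")
    severity = SEVERITIES.get(get("Vulnerability severity").lower())
    if severity is None:
        raise ValueError("severity must be Low, Mid or High")
    exploit = get("Vulnerability exploitability").lower()
    if exploit and exploit not in YES_NO:
        raise ValueError("exploitability must be Yes, No or empty")
    return {
        "Vulnerable": "Yes",
        "Vulnerability severity": severity,
        "Vulnerability exploitability": YES_NO.get(exploit, ""),
        "Replacement application": get("Replacement application"),
        "Replacement application link": strip_scheme(get("Replacement application link")),
        "Safe version": get("Safe version"),
        "Safe version link": strip_scheme(get("Safe version link")),
    }


def expected_campaign(fields: dict) -> str:
    """Assumed mapping: safe version, then replacement, otherwise removal."""
    if fields["Safe version"]:
        return "Update vulnerable application - Invoke"
    if fields["Replacement application"]:
        return "Replace vulnerable application - Prompt"
    return "Remove vulnerable application – Prompt"
```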

Configuring "Application vulnerability management"

Adapt these suggested configuration steps to edit and customize content according to your organizational needs.

Follow these steps to install and configure content:

Step 1 - Edit campaigns

Navigate to the manage campaigns administration page to review and edit your campaigns.

For each installed campaign, make sure to:

  • Customize the sender name and image.

  • Review and adjust questions.

  • Publish the campaign when you are ready to use it.

We recommend the following configurations for these campaigns:

| Name | Trigger | Priority |
|---|---|---|
| Remove vulnerable application – Prompt | Workflow | Urgent |
| Replace vulnerable application - Prompt | Workflow | Urgent |
| Update vulnerable application - Invoke | Workflow | Urgent |
| Notify vulnerable application ticket creation - Completed | Workflow | Urgent |

Step 2 - Maintain workflow triggers

This workflow is designed to run on a scheduled basis.

  1. Open the workflow from Workflows > Manage workflows.

  2. Go to the General tab.

  3. Enable the Schedule checkbox.

Include the following NQL query in your schedule to ensure that the workflow targets devices running high-risk products that have not been targeted by this workflow recently. This will prevent users from being overwhelmed with campaigns.

This schedule is recommended for daily use.

Make sure the workflow parameters are correctly linked to the outputs of this query:

