# Configuration guide: Application vulnerability management

{% hint style="warning" %}
The configuration options on this page are only accessible to [administrators](https://docs.nexthink.com/platform/user-guide/administration/account-management/roles#roles-administration).

Refer to the [Usage guide: Application vulnerability management](https://docs.nexthink.com/platform/library-packs/security-and-compliance/application-vulnerability-management/usage-guide-application-vulnerability-management) to use library content as a standard user.
{% endhint %}

## Prerequisites

This library pack contains content from the following required [expansion products](https://docs.nexthink.com/platform/overview/products):

* [Employee Engagement – Campaigns](https://docs.nexthink.com/platform/user-guide/campaigns)
* [Flow - Workflows](https://docs.nexthink.com/platform/user-guide/workflows)

{% hint style="info" %}
Some of these products offer default access to their respective content and can still be used without [expansion products](https://docs.nexthink.com/platform/overview/products).

Refer to the [Nexthink Infinity thresholds and limits overview](https://edocs.nexthink.com/nexthink-infinity/infinity-specifications/nexthink-infinity-default-thresholds-overview) documentation for more information about default thresholds for expansion products.
{% endhint %}

## Included content and dependencies <a href="#configurationguide-configurationmanager-sccm-clienthealth-contentlistanddependency" id="configurationguide-configurationmanager-sccm-clienthealth-contentlistanddependency"></a>

This library pack contains the following content and dependencies:

| Type                                                                                                                      | Name                                                      | Description                                                                                                                                                                                                                                                                                                                                                                                                                                    | Dependencies |
| ------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
| [Live dashboards](https://nexthink.gitbook.io/opd/user-guide/live-dashboards)                                             | Application vulnerability management                      | The Application Vulnerability Management dashboard acts as a central point for the manual tagging of vulnerable binaries and monitoring the execution of these binaries on devices.                                                                                                                                                                                                                                                            | N/A          |
| [Workflows](https://docs.nexthink.com/platform/user-guide/workflows) | Vulnerable application removal assessment | This automated workflow triggers a campaign based on which of the following criteria applies: the vulnerable product has a safe version; the vulnerable product has a safe replacement application with similar functionality; or the vulnerable product has neither a safe version nor a replacement application. The results of these campaigns are then available on the Remediation progress tab of the Application vulnerability management dashboard. | N/A |
| [Campaigns](https://docs.nexthink.com/platform/user-guide/campaigns/managing-campaigns)                                   | Remove vulnerable application – Prompt                    | This campaign informs users that a vulnerable product has been detected on their device and asks for permission to remove it.                                                                                                                                                                                                                                                                                                                  | N/A          |
|                                                                                                                           | Replace vulnerable application - Prompt                   | This campaign alerts users to the presence of a vulnerable product on their device and requests permission to remove it. It also suggests an alternative application and provides its name.                                                                                                                                                                                                                                                    | N/A          |
|                                                                                                                           | Update vulnerable application - Invoke                    | The campaign encourages users to update an application when the installed version contains a known security vulnerability. The campaign directs users to either install the approved version from the organization’s application store or request support if they still require the current version.                                                                                                                                           | N/A          |
|                                                                                                                           | Notify vulnerable application ticket creation – Completed | This campaign informs users who have chosen to retain a vulnerable application that an ITSM ticket has been created, displaying the relevant ticket number.                                                                                                                                                                                                                                                                                    | N/A          |
| [Custom fields](https://docs.nexthink.com/platform/user-guide/administration/content-management/custom-fields-management) | Vulnerable                                                | This manual custom field is used to indicate whether a specific binary version is considered vulnerable. It should be populated with a 'Yes' value if your vulnerability detection report indicates this.                                                                                                                                                                                                                                      | N/A          |
|                                                                                                                           | Vulnerability severity                                    | This manual custom field indicates the severity level of a vulnerability affecting a specific binary version. It should be populated based on information from your vulnerability detection report and can contain one of the following text values: "Low", "Mid", or "High".                                                                                                                                                                  | N/A          |
|                                                                                                                           | Vulnerability exploitability                              | This manual custom field indicates whether the vulnerability affecting a specific binary version is known to be exploitable. It should be populated with "Yes" or "No" based on information from your vulnerability detection report. If exploitability is unknown or not specified, the field may remain empty.                                                                                                                               | N/A          |
|                                                                                                                           | Replacement application                                   | This manual custom field is used to indicate whether a replacement application is available for a vulnerable application. The replacement application name should be entered here. If no replacement is available, the field should be left empty.                                                                                                                                                                                             | N/A          |
| | Replacement application link | This manual custom field may contain a link to an alternative application available on your organization’s internal self-service portal. It is used when a vulnerable application should be replaced rather than updated. The link should be entered without the https:// prefix. | N/A |
|                                                                                                                           | Safe version                                              | This manual custom field indicates the version of the application that is considered safe and not affected by the vulnerability. It should contain the version number as text based on your vulnerability detection report. If no safe version is available or specified, the field may remain empty.                                                                                                                                          | N/A          |
| | Safe version link | This manual custom field may contain a link to the safe version of the application available on your organization’s internal self-service portal. It should be populated when a vulnerable application can be upgraded. The link should be entered without the https:// prefix. | N/A |

## Configuring "Application vulnerability management" <a href="#configurationguide-configurationmanager-sccm-clienthealth-configurationguide" id="configurationguide-configurationmanager-sccm-clienthealth-configurationguide"></a>

{% hint style="info" %}
Adapt these suggested configuration steps to edit and customize content according to your organizational needs.
{% endhint %}

Follow these steps to install and configure content:

* Before configuration - Install library pack content from [Nexthink Library](https://docs.nexthink.com/platform/user-guide/nexthink-library)
* [Step 1 - Edit campaigns](#step-1-edit-campaigns)
* [Step 2 - Maintain workflow triggers](#step-2-maintain-workflow-triggers)

### **Step 1 - Edit campaigns**

Navigate to the [manage campaigns](https://docs.nexthink.com/platform/user-guide/campaigns/managing-campaigns) administration page to review and edit your campaigns.

For each installed campaign, make sure to:

* Customize the sender name and image.
* Review and adjust questions.
* Publish the campaign when you are ready to use it.

We recommend the following configuration for these campaigns:

<table><thead><tr><th width="456.16796875">Name</th><th>Trigger</th><th>Priority</th></tr></thead><tbody><tr><td>Remove vulnerable application – Prompt</td><td>Workflow</td><td>Urgent</td></tr><tr><td>Replace vulnerable application - Prompt</td><td>Workflow</td><td>Urgent</td></tr><tr><td>Update vulnerable application - Invoke</td><td>Workflow</td><td>Urgent</td></tr><tr><td>Notify vulnerable application ticket creation - Completed</td><td>Workflow</td><td>Urgent</td></tr></tbody></table>

### **Step 2 - Maintain workflow triggers**

This workflow is designed to run on a **scheduled** basis.

1. Open the workflow from **Workflows > Manage workflows**.
2. Go to the **General** tab.
3. Enable the **Schedule** checkbox.

Include the following NQL query in your schedule so that the workflow targets only devices running high-risk products that have not been targeted by this workflow recently. This prevents users from being overwhelmed with campaigns.

We recommend running this schedule daily.

```
```

Make sure the workflow parameters are correctly linked to the outputs of this query:

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2FjPe7DuCaSdKkgV3JP5o9%2Fimage.png?alt=media&#x26;token=4d11fd97-cdcb-4ac0-a0a3-30b21e04e7c4" alt="" width="375"><figcaption></figcaption></figure>
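The campaign routing described in the workflow table, the custom-field rules from the content table, and the "high-risk, not targeted recently" selection the schedule above is meant to apply, as an added Python illustration (not Nexthink code, and not a substitute for the NQL query): it validates the manual custom-field values, keeps only records that are high risk and outside a cooldown window, and picks the campaign by the safe-version, replacement, removal criteria. The `rec` helper, the sample records, the run date, the `last_targeted` field, the 14-day cooldown and the definition of high risk (High severity or known exploitable) are all assumptions made for this example.

```python
from datetime import date, timedelta

# Custom-field values and campaign names as defined by this library pack.
SEVERITIES = {"Low", "Mid", "High"}
UPDATE, REPLACE, REMOVE = ("Update vulnerable application - Invoke",
                           "Replace vulnerable application - Prompt",
                           "Remove vulnerable application – Prompt")

def rec(name, severity, exploitable, safe="", repl="", link="", last=None):
    """Build one constructed binary-version record (not real inventory data)."""
    return {"name": name, "vulnerable": "Yes", "severity": severity,
            "exploitable": exploitable, "safe_version": safe, "replacement": repl,
            "safe_version_link": link, "last_targeted": last}

def validate(r):
    """List custom-field problems; an empty list means the record is usable."""
    issues = []
    if r["vulnerable"] == "Yes" and r["severity"] not in SEVERITIES:
        issues.append("severity must be Low, Mid or High")
    if r["safe_version_link"].lower().startswith(("http://", "https://")):
        issues.append("links must be entered without the https:// prefix")
    return issues

def is_high_risk(r):
    # Assumption: high risk = vulnerable and (High severity or known exploitable).
    return r["vulnerable"] == "Yes" and (r["severity"] == "High" or r["exploitable"] == "Yes")

def choose_campaign(r):
    """Route per the workflow criteria: safe version, else replacement, else removal."""
    return UPDATE if r["safe_version"] else REPLACE if r["replacement"] else REMOVE

def plan(records, today, cooldown_days=14):
    """Return (targets, rejected): targets are (name, campaign) pairs due for a campaign."""
    targets, rejected = [], []
    for r in records:
        issues, last = validate(r), r["last_targeted"]
        if issues:
            rejected.append((r["name"], issues))
        elif is_high_risk(r) and (last is None or today - last >= timedelta(days=cooldown_days)):
            targets.append((r["name"], choose_campaign(r)))
    return targets, rejected

TODAY = date(2024, 6, 1)  # constructed run date; the assumed cooldown is 14 days
SAMPLE = [
    rec("app-a 1.0", "High", "Yes", safe="1.2", link="portal.example/app-a"),
    rec("app-b 2.3", "Mid", "No", repl="OtherApp"),               # not high risk
    rec("app-c 4.1", "High", "", last=TODAY - timedelta(days=3)),  # targeted recently
    rec("app-d 0.9", "Low", "Yes", repl="SafeTool", last=TODAY - timedelta(days=30)),
    rec("app-e 5.0", "High", "Yes", safe="5.1", link="https://portal.example/app-e"),
]
```

Calling `plan(SAMPLE, TODAY)` selects app-a for the update campaign and app-d for the replacement campaign, skips app-b and app-c, and reports app-e as misconfigured because its link carries the https:// prefix.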

***

RELATED TOPICS

* [Overview: Application vulnerability management](https://docs.nexthink.com/platform/library-packs/security-and-compliance/application-vulnerability-management)
* [Usage guide: Application vulnerability management](https://docs.nexthink.com/platform/library-packs/security-and-compliance/application-vulnerability-management/usage-guide-application-vulnerability-management)
