Vulnerability detection


Software vulnerabilities are weaknesses in code that can allow attackers to gain access to or manipulate the behavior of an application. Vulnerable software applications are commonly targeted by attackers to compromise endpoints and gain a persistent presence on targeted networks.

Vulnerability detection is the process of identifying these flaws before they are discovered and exploited by attackers. The goal of vulnerability detection is to identify vulnerabilities so that remediation can be carried out to prevent successful attacks.

The Argus agent uses the syscollector module to collect inventory details from the monitored endpoint and sends the collected data to the Argus server. Within the Argus server, the Vulnerability Detection module correlates the software inventory data with vulnerability content documents to detect vulnerable software on the monitored endpoint.

Argus detects vulnerable applications and generates risk reports using our Cyber Threat Intelligence (CTI) platform. In this platform, we aggregate vulnerability data from diverse sources like operating system vendors and vulnerability databases, consolidating it into a unified, reliable repository. The process involves standardizing the varied formats into a common structure. Additionally, we maintain the integrity of our vulnerability data by doing the following:

  • Rectifying format inconsistencies like version errors and typos.
  • Completing missing information.
  • Incorporating new cybersecurity vulnerabilities.

Subsequently, we merge this content and upload the compiled documents to a cloud server. Finally, we publish these documents to our CTI API.

Relying on the Argus CTI, the Vulnerability Detection module supports applications and a variety of operating systems, such as Windows, CentOS, Red Hat Enterprise Linux, Ubuntu, Debian, Amazon Linux, Arch Linux, and macOS.

Achieve comprehensive visibility

The Vulnerability Detection module generates alerts for vulnerabilities discovered on the operating system and applications installed on the monitored endpoint. It correlates the software inventory collected by the Argus agent with the vulnerability content documents and displays the generated alerts on the Argus dashboard. This provides a clear and comprehensive view of vulnerabilities identified on all monitored endpoints, allowing you to view, analyze, and fix them.
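The correlation step described above can be sketched as follows. This is an added example, not Argus code: the inventory and content-document field names, the `introduced`/`fixed` range model, and the `EXAMPLE-VULN-*` IDs are assumptions made for illustration. It shows why versions must be compared numerically, since a string comparison would wrongly flag `3.0.10` as older than `3.0.7`.

```python
import re
from itertools import zip_longest

# Constructed sample data; field names are assumptions for illustration,
# not the Argus inventory or CTI document schema.
INVENTORY = [
    {"agent": "web-01", "name": "openssl", "version": "3.0.2"},
    {"agent": "web-01", "name": "nginx", "version": "1.24.0"},
    {"agent": "db-01", "name": "OpenSSL", "version": "3.0.10"},
]
CONTENT = [  # placeholder IDs, not real vulnerability identifiers
    {"id": "EXAMPLE-VULN-1", "package": "openssl", "severity": "High",
     "introduced": "3.0.0", "fixed": "3.0.7"},
    {"id": "EXAMPLE-VULN-2", "package": "nginx", "severity": "Medium",
     "introduced": "1.25", "fixed": "1.25.3"},
]

def parse_version(text):
    """Turn '3.0.10' into (3, 0, 10) so comparison is numeric, not lexical."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def compare(a, b):
    """Return -1, 0 or 1; missing components count as 0 ('1.25' == '1.25.0')."""
    for x, y in zip_longest(parse_version(a), parse_version(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def is_affected(version, doc):
    """A version is affected when introduced <= version < fixed."""
    return (compare(version, doc["introduced"]) >= 0
            and compare(version, doc["fixed"]) < 0)

def correlate(inventory, content):
    """Match each inventory entry against the content documents for its package."""
    alerts = []
    for item in inventory:
        for doc in content:
            same_pkg = item["name"].lower() == doc["package"].lower()
            if same_pkg and is_affected(item["version"], doc):
                alerts.append({"agent": item["agent"], "package": item["name"],
                               "version": item["version"], "id": doc["id"],
                               "severity": doc["severity"]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(INVENTORY, CONTENT):
        print(alert)
```

Only `openssl 3.0.2` on `web-01` produces an alert; `3.0.10` is past the fixed version and `nginx 1.24.0` predates the affected range.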

The vulnerability detection dashboard shows the frequency of occurrences in different categories such as package name, operating system, agent name, vulnerability ID, and alert severity. This allows analysts to direct their focus appropriately.

Accessing Vulnerability Detection

  1. Navigate to Vulnerabilities: From the Argus dashboard, select Vulnerabilities from the left-hand menu.

Using Vulnerability Detection

  1. View Detected Vulnerabilities: The interface displays a list of detected vulnerabilities across your monitored systems.
  2. Filter and Sort: Use filters to sort vulnerabilities by severity, agent, detection date, and other parameters.
  3. Detailed Information: Click on a vulnerability to view more details, including affected assets, CVE information, and remediation steps.
  4. Export Reports: Export the vulnerability data for reporting or further analysis.

Example Use Case

  • Patch Management: Identify critical vulnerabilities that need immediate attention and plan your patch management strategy accordingly.
