Create Security Definition Wizard

This wizard is used to build custom security scripts. These security definitions help detect configuration vulnerabilities by deploying scripts that scan devices for specific file versions, registry entries, or configuration flags. Unlike traditional patch content, configuration definitions focus on discovery through scanning rather than delivering a payload.

Prerequisites

A script or criteria for detecting a configuration or security issue.

Guided walk-through: Creating a New Security Definition

Open the Security Definition Wizard

Go to Vulnerabilities > Advanced > Custom Patches, click '+Create', then select New Security Definitions.

Import Information

Review or fill in the following fields:

  • Name: A user-defined name for the script.
  • Vendor: The name of the script vendor.
  • Version: The version number of the script.
  • CVSS: The independent CVSS score of the vulnerability, represented as a number.
  • Product ID: A unique identifier for the definition (auto-generated GUID).
  • Install Arguments: Not applicable to security scripts.
  • Uninstall Arguments (Optional): Not applicable to security scripts.
  • Description: Additional notes or description about the vulnerability to be detected.
  • Publish Date: The release date of the script.

Advanced Options

This step gives you the option to finalize the definition configuration.

When you choose 'Configure Advanced Options', the Advanced Editor opens. Use this to provide additional context and control for the script:

  • Name: Auto-filled from the file name; can be edited.
  • Type: Security Script
  • Vendor / URL / Description: Add metadata for tracking or reference.
  • Version / Target Version: Specify the versioning of the script.
  • CVSS / Severity / Security Family: Optional security-related classifications of the vulnerability.
  • Controlled Content: Enable the Controlled Content option if the uploaded file (e.g., driver, patch, or script) is expected to become part of a pre-approved content library. Such scripts are listed under the Controlled Content section in the Vulnerabilities tab.
  • Other Settings:
  • Requires Reboot: Specifies whether a system reboot is necessary after applying the script.
  • Allow User Interaction: Specify if user interaction is necessary during the scan.
  • Weaponized / Public Aware / Counter Measure / Auto Fix: Classify the threat profile and mitigation status of the vulnerability.
  • Repairable: Defines whether the detected vulnerability can be automatically remediated.
  • CVE(s): Enter known vulnerability identifiers if applicable.
  • OS Type: Choose the operating system this script applies to.

Go to Component > Edit and use the available options to define the logic used to detect the configuration vulnerability:

  • Component Name, CVE, CVSS.
  • Filters: specify which systems or conditions the script should apply to (e.g., OS type, version).
  • Existing Detection: define criteria (like file existence, registry keys, or specific configurations) that determine if the vulnerability is already present on the target system. This is where the core detection logic resides — it forms the basis of a security definition.
  • Deployment: define any binaries or commands needed if this component is used for remediation. In the context of security definitions, this may often be unused or minimal.
  • Superseded Components: indicate whether this script has been replaced by a newer version.
  • Save: save the component definition.
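
The kind of configuration-flag check that Existing Detection logic is built around, shown as an added example that is not part of the product documentation or vendor code. This page does not describe the scripting language or how a script reports its result, so the function names, the exit codes (1 = detected, 0 = not detected, 2 = cannot evaluate) and the sshd_config sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): detect one insecure configuration flag.

# Print the effective global value of an sshd_config keyword.
# sshd uses the FIRST value it reads for a keyword, and keywords are
# case-insensitive, so a later "safe" line does not override an earlier one.
# Simplifications: whitespace-separated "Keyword value" lines only;
# Include files and Match blocks are not evaluated.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key { print $2; exit }    # first occurrence wins
    ' "$1"
}

# Assumed result contract: 1 = detected, 0 = not detected, 2 = cannot evaluate.
# Assumes OpenSSH 7.0 or later, where an unset PermitRootLogin defaults to
# prohibit-password and is therefore not reported.
detect_permit_root_login() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1"; return 2; }
    val=$(effective_value "$1" PermitRootLogin)
    case "$val" in
        yes) echo "DETECTED: PermitRootLogin yes"; return 1 ;;
        "")  echo "NOT DETECTED: PermitRootLogin unset, built-in default applies"; return 0 ;;
        *)   echo "NOT DETECTED: PermitRootLogin $val"; return 0 ;;
    esac
}

# Constructed sample input: the commented line is ignored and the later
# "no" never takes effect, so a naive search for "PermitRootLogin no" misleads.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
Match User backup
    PermitRootLogin no
EOF

rc=0
detect_permit_root_login "$sample" || rc=$?
echo "exit code: $rc"
rm -f "$sample"
```
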