Security Content Library
In addition to curating patch content, Syxsense also provides configuration content within the Vulnerabilities library. The main differences between patch content and configuration content are the discovery process and the payload delivery method.
When evaluating devices for configuration vulnerabilities, Syxsense deploys a script that scans filesystems, registries and software configurations for flags, text entries, file versions and many other kinds of evidence. If the script triggers on something, that item is recorded as a found configuration vulnerability on the endpoint.
Security scanning and remediation protect endpoints from attack and are performed in two steps:
① Security Scan, which detects malicious processes and misconfigurations on the devices in the corporate network.
② Security Resolve, which automatically fixes most of the detected security flaws through tested resolution workflows in Syxsense Cortex.
Syxsense makes both operations straightforward.
Important Information: This is available with Syxsense Secure and Enterprise licenses; please contact your Account Manager to upgrade.
Prerequisites: A user with Admin or Vulnerabilities (Patch Manager) rights.
Discovery: Security Script Overview
To review the scripts library, start by navigating to the Vulnerabilities tab in the Console menu.
Select the Security tab within the Vulnerabilities sidebar.
Once the Scripts Library view has populated, you will see a long list of security scripts arrayed in a table, as shown below.
The following columns can be used for filtering the table ①
Repairable | Indicates whether the issue can be remediated. To see which security items can be resolved from the Syxsense console, sort by the Repairable column within the column set for the security definitions. Resolution icons: one marks a vulnerability that can't be automatically resolved (no Cortex remediation available); the other marks a vulnerability that can be automatically resolved (Cortex remediation available). |
Approved | Indicates whether a repairable script is ready for deployment. Used for approving multiple security remediation workflows for deployment without additional review of each workflow. Possible states: the script is not repairable; approved for deploy; not approved for deploy. Research a remediation workflow thoroughly before approving it for deployment, because the changes it applies can break your system configurations. |
State | Indicates the state of the device with respect to a particular workflow. |
Title | The name of the vulnerability. |
Description | Information about the vulnerability. |
CVSS | The independent CVSS score shown as a number (the color indicator can be switched on and off with the checkbox in the empty row below). |
CVSS Severity | The independent CVSS score shown as a rating (the color indicator can be switched on and off with the checkbox in the empty row below). |
Severity | Syxsense-issued severity: Blue = Low; Yellow = Medium; Orange = High; Red = Critical; Grey = severity unknown. |
Vendor | Syxsense |
Language | INTL |
CVEs | Lists the Common Vulnerabilities and Exposures identifiers associated with the vulnerability. |
Date Published | The date the script was published. |
Is Reboot Required | Specifies whether a system reboot is necessary after applying the script. |
Public Aware | A method of exploiting the vulnerability is publicly known. Publicly known vulnerabilities are often weaponized soon afterwards, so prioritize them before that happens. |
Counter Measure | An alternative mitigation for the vulnerability exists; see the vendor for full details. |
Weaponized | The vulnerability is currently being exploited in the wild. Weaponized vulnerabilities should be treated like zero-days and remediated urgently. |
You can also refine security script content by device using the Device Targeting Wizard. ②
This feature allows you to specify a list of assets, narrowing down the scope of security scripts to only those relevant to the specified endpoints.
Further filtering can be obtained by searching for specific content using the Search Input box ③
Currently, Syxsense supports the following searches:
Title | Vulnerability name (crafted by Syxsense) |
Description | Vulnerability description provided by Syxsense |
CVE | The Vulnerability Identity provided by Mitre Corporation |
HelpFileID/Syx-ID | The vulnerability identifier assigned by Syxsense. This unique HelpFileID matches the final part of the vulnerability's URL in the Vulnerabilities Database (the characters before .html). E.g. AV Definitions Over 14 Days (Symantec) (syxsense.com) has the ID syx-1005-10269. |
The upper toolbar offers the following options which are applicable to security scripts ④
Copy Query | Replicate or share a particular query. |
View Details | View the vulnerability summary and the script components. If the vulnerability is repairable, you can also review the Resolution workflow steps and Approve a Workflow. Clicking View Details in the Summary opens a security article with detailed information about this specific vulnerability. |
Scan | Start a Security Scan task. |
Create Group | Security content groups are built in the same way as Patch Groups and are organized in the same location. To build a security content group, select the security items you wish to include in a group, and then select this toolbar item. Creating security content queries is also almost identical to the process of creating Patch Queries and Default Queries. Security content can even be included within a Patch Query: to create a query that reports on both patch and security content, select the 'Include Security Scripts' button within the Query generation wizard. |
Export | Export the scripts list to an XML file. Export individual scripts, or a subset of the scripts displayed, by control-clicking or shift-clicking rows of data within the console and then selecting the Export button. |
Discovery: Security Families
In addition to the standard attributes available to Syxsense patch content, the Syxsense security content library also has an attribute for the family of vulnerabilities to which the security definition belongs.
Each vulnerability definition belongs to a classification called a Family. Using Families, you can scan for specific types of vulnerabilities without scanning for everything, e.g. scanning just for BitTorrent programs.
All information about known vulnerabilities and the description of each family are available in our Vulnerabilities Database.
AD FS Hardening | A security family consisting of definitions to detect which actions are required to harden Active Directory Federation Services (AD FS) |
Antivirus | A security family consisting of definitions to detect common Antivirus product definition status and frequency of scans. |
Backdoors | A security family consisting of definitions to detect common backdoor applications. |
Browser Extensions | A security family consisting of definitions to detect common vulnerabilities in browsers extensions. |
Browsers | A security family consisting of definitions to detect common browsers vulnerabilities. |
CIS Benchmarks | A security family consisting of definitions to detect which actions are required to maintain compliance with the CIS Benchmarks. |
Crypto Mining | A security family consisting of definitions to detect traces of cryptocurrency mining. |
Databases | A security family consisting of definitions to detect common Database vulnerabilities. |
Drivers and Hardware | A security family consisting of definitions to detect common hardware and drivers' vulnerabilities. |
Engineering and Development Software | A security family consisting of definitions to detect common engineering and development software vulnerabilities. |
Firewalls | A security family consisting of definitions to detect common vulnerabilities in firewall software. |
FTP Software | A security family consisting of definitions to detect common FTP software vulnerabilities. |
Graphics Software | A security family consisting of definitions to detect common graphics software vulnerabilities. |
Legacy and Out-of-Support Software | A security family consisting of definitions to detect software that is no longer supported. |
Microsoft 365 Apps | A security family consisting of definitions to detect common security threats in Microsoft 365 Apps. |
Miscellaneous | A security family consisting of definitions to detect vulnerabilities that do not fit any of the represented categories. |
.Net Core Vulnerabilities | A security family consisting of definitions to detect common vulnerabilities detected in .NET Core. |
Peer-to-Peer File Sharing (Applications) | A security family consisting of definitions to detect common P2P sharing applications. |
Peer-to-Peer File Sharing (Binary) | A security family consisting of definitions to detect common P2P binaries. |
Policy Compliance | A security family consisting of definitions to detect common compliance items like anti-virus usage, firewall status, and full-disk encryption status. |
Port Scanner | A security family consisting of definitions to detect vulnerable ports. |
Post Patching | A security family consisting of definitions to detect which post patching activity is required. |
Privacy | A security family consisting of definitions to detect common vulnerabilities which affect users' privacy. |
Remote Desktop | A security family consisting of definitions related to remote desktop connections. |
RPC | A security family consisting of definitions related to remote procedure calls (RPC). |
SNMP | A security family consisting of definitions related to network management traffic. |
Social Networking | A security family consisting of definitions to detect vulnerabilities in social networking software. |
VPN Software | A security family consisting of definitions related to the VPN software. |
Virtualization | A security family consisting of definitions related to virtualization software. |
Web Servers | A security family consisting of definitions to detect common vulnerabilities and security issues in web servers. |
Windows Configuration | A security family consisting of definitions to detect common overall Windows configuration vulnerabilities. |
Windows Policies | A security family consisting of definitions to detect faulty Windows security policies. |
Windows User Accounts | A security family consisting of definitions related to Windows user security, account statuses, and local settings. |
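The following Python is an added example, not Syxsense code and not the Cortex engine. It models the two mechanisms this page describes: the discovery script from the overview, which checks registry values, file versions and configuration text and records a hit when a check triggers, and a triage step that orders the hits using the Weaponized, Public Aware, CVSS and Repairable attributes from the Security tab, with scanning optionally restricted to a Family as described above. Every definition, syx-ID, registry path, file path and endpoint fact below is a constructed assumption.

```python
"""Added example (not Syxsense code): a small model of configuration
vulnerability discovery and triage. Hypothetical definitions are evaluated
against constructed endpoint facts; hits are ranked by the attributes the
Security tab exposes (Weaponized, Public Aware, CVSS, Repairable).
All registry/file paths, syx-IDs and endpoint values are assumptions."""
from dataclasses import dataclass
from datetime import date
from typing import Callable, Optional

# Constructed endpoint facts standing in for registry, file and config reads.
ENDPOINT = {
    "registry": {
        r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections": 0,
        r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\UserAuthentication": 0,
    },
    "file_versions": {r"C:\Program Files\ExampleFTP\ftpd.exe": "2.1.3.0"},
    "config_text": {r"C:\ProgramData\ExampleAV\defs.ini": "engine=1.4\ndefs_date=2024-06-01\n"},
    "today": date(2024, 7, 1),
}


@dataclass(frozen=True)
class Definition:
    syx_id: str            # hypothetical ID in the page's syx-NNNN-NNNNN shape
    title: str
    family: str
    cvss: float
    weaponized: bool
    public_aware: bool
    repairable: bool
    check: Callable[[dict], bool]  # True when the flaw is present on the endpoint


def version_tuple(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))


def rdp_without_nla(ep: dict) -> bool:
    """Registry flag check: RDP enabled and Network Level Authentication off."""
    reg = ep["registry"]
    rdp_on = reg.get(r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections") == 0
    nla_off = reg.get(r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\UserAuthentication") == 0
    return rdp_on and nla_off


def av_defs_stale(ep: dict, max_age_days: int = 14) -> bool:
    """Text-entry check: definition date in an INI file older than the limit."""
    text = ep["config_text"].get(r"C:\ProgramData\ExampleAV\defs.ini", "")
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "defs_date":
            age = (ep["today"] - date.fromisoformat(value.strip())).days
            return age > max_age_days
    return True  # no definition date at all counts as stale


def ftp_below_fixed(ep: dict) -> bool:
    """File-version check: installed binary older than the fixed release."""
    v = ep["file_versions"].get(r"C:\Program Files\ExampleFTP\ftpd.exe")
    return v is not None and version_tuple(v) < version_tuple("2.2.0")


def smb1_enabled(ep: dict) -> bool:
    """Registry value absent on this endpoint, so this definition does not trigger."""
    return ep["registry"].get(r"HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1") == 1


DEFINITIONS = [
    Definition("syx-0000-00001", "RDP enabled without Network Level Authentication",
               "Remote Desktop", 7.5, False, True, True, rdp_without_nla),
    Definition("syx-0000-00002", "AV definitions over 14 days old (ExampleAV)",
               "Antivirus", 5.0, False, False, True, av_defs_stale),
    Definition("syx-0000-00003", "ExampleFTP server below 2.2.0",
               "FTP Software", 9.8, True, True, False, ftp_below_fixed),
    Definition("syx-0000-00004", "SMBv1 server enabled",
               "Windows Configuration", 8.1, False, True, True, smb1_enabled),
]


def scan(ep: dict, definitions, families: Optional[set] = None) -> list:
    """Run every definition (optionally only those in the given Families)
    and return the ones whose check triggers on the endpoint."""
    return [d for d in definitions
            if (families is None or d.family in families) and d.check(ep)]


def severity_band(cvss: float) -> str:
    """CVSS v3 qualitative rating bands."""
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low" if cvss > 0.0 else "None"


def triage(hits) -> list:
    """Order hits: Weaponized first (treated as zero-day), then Public Aware,
    then the rest; ties broken by CVSS. Non-repairable items have no Cortex
    workflow and need a manual fix or the vendor's counter measure."""
    def key(d):
        tier = 0 if d.weaponized else 1 if d.public_aware else 2
        return (tier, -d.cvss)
    return [{
        "id": d.syx_id,
        "severity": severity_band(d.cvss),
        "tier": "weaponized" if d.weaponized else "public aware" if d.public_aware else "by severity",
        "action": "approve Cortex workflow after review" if d.repairable
                  else "manual remediation or counter measure",
    } for d in sorted(hits, key=key)]


if __name__ == "__main__":
    for row in triage(scan(ENDPOINT, DEFINITIONS)):
        print(row)
```

Running the block reports three of the four definitions as found (the SMBv1 value is absent from the constructed facts), with the weaponized FTP finding first even though the non-repairable flag means it cannot be handed to a Cortex workflow; restricting `scan` to `families={"Antivirus"}` returns only the definition-age check, which is the family-scoped scan the page describes.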
Video Tutorials: Create Vulnerability Query
Watch an example of creating new Security Scan Query: Weaponized or Public aware Video
Watch an example of creating new Security Scan Query: Severity rating Video
Watch an example of creating new Security Scan Query: Severity family Video
Watch an example of creating new Security Scan Query: Remediation ready Video
Watch an example of creating new Security Scan Query: Keyword Video
Last Update: July, 2024
Copyright ©2024 by Syxsense, Inc. All Rights Reserved