Use discovery models to match software with vulnerabilities

A discovery model is a software model associated with a customer's software installation. If your instance uses Software Asset Management or Discovery to search for vulnerable software, you can use discovery models in Vulnerability Response to match software with vulnerable items.

Before you begin

Role required: sn_vul.vulnerability_write

Procedure

  1. Navigate to Vulnerability > Libraries > Vulnerable Software.
    A list of vulnerable software downloaded from the NVD is shown.
  2. Click a vulnerable software record to open it.
  3. Click the Match discovery model related link.
    The Possible Software Discovery Model pop-up box displays possible matches for the software.
    [Figure: Possible Software Discovery Models]
  4. If the list includes a discovery model suggestion that is correct, click the software name.
    Note: In the screen shown above, since the vulnerable software is Cisco Secure Desktop 3.5.1077, a likely discovery model match would be Cisco Secure Desktop 3.5 Base, because that model is most likely to include the vulnerable software.
  5. If there are no suggestions or none of the suggestions look likely, close the pop-up box, click the magnifying glass list icon on the Software discovery model field, and select a discovery model.
  6. Click Update to save the record.
    Note: You can also select discovery models for multiple records from the Vulnerable Software list. Select the check boxes for the records you want to match to a discovery model. Then select Match discovery model from the Actions on selected rows choice list.

    If you match discovery models from the list, review each of the matched discovery models to ensure that they are correct. To confirm that the discovery models are correct, open the record where the model was matched. Then click the Confirm Model Auto-Match link at the bottom of the form.

    As each record is confirmed, the Auto-Matched Discovery Model and Auto-Match Confirmed check boxes are selected. The Vulnerable Items related list displays the vulnerable items discovered for this software.
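
The review of auto-matched models described above can be pre-screened offline before each record is confirmed. The following is an added example, not ServiceNow code and not the platform's own matching logic: it assumes names of the form "Product Version [Edition]" as in the Cisco Secure Desktop note, and the function names, the edition list, and the sample data are hypothetical.

```python
import re

# Assumed edition suffixes on discovery model names; only "Base" appears on the page.
EDITIONS = {"base", "standard", "enterprise"}

def split_name(full_name):
    """'Cisco Secure Desktop 3.5 Base' -> ('cisco secure desktop', (3, 5))."""
    tokens = full_name.split()
    while tokens and tokens[-1].lower() in EDITIONS:
        tokens.pop()
    version = ()
    if tokens and re.fullmatch(r"\d+(\.\d+)*", tokens[-1]):
        version = tuple(int(part) for part in tokens.pop().split("."))
    return " ".join(tokens).lower(), version

def match_depth(software, model):
    """Number of version components the model pins, or -1 if it cannot cover the software."""
    sw_product, sw_version = split_name(software)
    model_product, model_version = split_name(model)
    if sw_product != model_product:
        return -1
    # The model version must be a component-wise prefix: 3.5 covers 3.5.1077, 3.6 does not.
    if sw_version[:len(model_version)] != model_version:
        return -1
    return len(model_version)

def best_model(software, candidates):
    """Most specific covering model, or None when a manual lookup is needed (step 5)."""
    covering = [c for c in candidates if match_depth(software, c) >= 0]
    return max(covering, key=lambda c: match_depth(software, c), default=None)

def needs_review(auto_matches):
    """Pairs whose model does not cover the software version; check these before confirming."""
    return [(sw, model) for sw, model in auto_matches if match_depth(sw, model) < 0]

# Constructed sample data, not taken from a real instance.
CANDIDATES = ["Cisco Secure Desktop 3 Base", "Cisco Secure Desktop 3.5 Base",
              "Cisco Secure Desktop 3.6 Base", "Cisco AnyConnect 3.5 Base"]
AUTO_MATCHES = [("Cisco Secure Desktop 3.5.1077", "Cisco Secure Desktop 3.5 Base"),
                ("Cisco Secure Desktop 3.5.1077", "Cisco Secure Desktop 3.6 Base")]

if __name__ == "__main__":
    print(best_model("Cisco Secure Desktop 3.5.1077", CANDIDATES))
    print(needs_review(AUTO_MATCHES))
```

A pair flagged by `needs_review` is only a prompt to open the record and check it by hand; a wrong match either hides real vulnerable items or creates false ones.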

What to do next

After software has been matched to vulnerabilities, you can escalate the vulnerabilities for remediation.