Contents Security Operations Previous Topic Next Topic Software exposure assessment using Software Asset Management (SAM) Subscribe Log in to subscribe to topics and get notified when content changes. ... SAVE AS PDF Selected Topic Topic & Subtopics All Topics in Contents Share Software exposure assessment using Software Asset Management (SAM) As a vulnerability manager, use Exposure Assessment to determine your total installed software count for a specific software package on your assets. When used with Software Asset Management (SAM), evaluate your exposure, create vulnerable items, and manage remediation for the vulnerable software you discover. Overview As a Vulnerability manager, you can determine your exposure to vulnerable software by providing the vulnerable software information (Publisher, Product, Edition and Version) without using the Common Vulnerabilities and Exposures (CVE) database. Assess cases of a zero-day (current day) vulnerabilities to software for the following cases: When products do not yet have CVE data. When there is a lag between the time a vulnerability becomes publicly known and the CVE data with the vulnerability is updated in the NVD. When you learn about the vulnerability in-between the scheduled scans of your vulnerability scanner. With Exposure Assessment, if you know the publisher and product for the vulnerable software, using the records that list the installed software in your network created by Software Asset Management (SAM), you can assess your exposure to potentially malicious software packages on-demand. Knowing the scale of your exposure to this type of vulnerability permits you to proactively respond by implementing a red alert and uninstalling the software, or informing your security operations center (SOC) to look for a specific patch. You can create vulnerable items and assign tasks to the remediation specialist for further investigation remediation. View a vulnerability group (VG) list to verify that the vulnerable items you want are created and associated correctly to the VG. Exposure assessment for Vulnerability Response is compatible with the Madrid v9.0, New York v9.0, and Orlando family releases. Related conceptsVulnerability Response assignment rules overviewVulnerability groups and group rules overviewRules for identifying configuration items from third-party vulnerability integrationsDiscovered ItemsVulnerability group and vulnerable item statesVulnerability calculators and vulnerability calculator rulesRemediation target rulesVulnerability Solution ManagementChange management for Vulnerability ResponseDomain separation and Vulnerability Response On this page Send Feedback Previous Topic Next Topic
Software exposure assessment using Software Asset Management (SAM) As a vulnerability manager, use Exposure Assessment to determine your total installed software count for a specific software package on your assets. When used with Software Asset Management (SAM), evaluate your exposure, create vulnerable items, and manage remediation for the vulnerable software you discover. Overview As a Vulnerability manager, you can determine your exposure to vulnerable software by providing the vulnerable software information (Publisher, Product, Edition and Version) without using the Common Vulnerabilities and Exposures (CVE) database. Assess cases of a zero-day (current day) vulnerabilities to software for the following cases: When products do not yet have CVE data. When there is a lag between the time a vulnerability becomes publicly known and the CVE data with the vulnerability is updated in the NVD. When you learn about the vulnerability in-between the scheduled scans of your vulnerability scanner. With Exposure Assessment, if you know the publisher and product for the vulnerable software, using the records that list the installed software in your network created by Software Asset Management (SAM), you can assess your exposure to potentially malicious software packages on-demand. Knowing the scale of your exposure to this type of vulnerability permits you to proactively respond by implementing a red alert and uninstalling the software, or informing your security operations center (SOC) to look for a specific patch. You can create vulnerable items and assign tasks to the remediation specialist for further investigation remediation. View a vulnerability group (VG) list to verify that the vulnerable items you want are created and associated correctly to the VG. Exposure assessment for Vulnerability Response is compatible with the Madrid v9.0, New York v9.0, and Orlando family releases. Related conceptsVulnerability Response assignment rules overviewVulnerability groups and group rules overviewRules for identifying configuration items from third-party vulnerability integrationsDiscovered ItemsVulnerability group and vulnerable item statesVulnerability calculators and vulnerability calculator rulesRemediation target rulesVulnerability Solution ManagementChange management for Vulnerability ResponseDomain separation and Vulnerability Response
Software exposure assessment using Software Asset Management (SAM) As a vulnerability manager, use Exposure Assessment to determine your total installed software count for a specific software package on your assets. When used with Software Asset Management (SAM), evaluate your exposure, create vulnerable items, and manage remediation for the vulnerable software you discover. Overview As a Vulnerability manager, you can determine your exposure to vulnerable software by providing the vulnerable software information (Publisher, Product, Edition and Version) without using the Common Vulnerabilities and Exposures (CVE) database. Assess cases of a zero-day (current day) vulnerabilities to software for the following cases: When products do not yet have CVE data. When there is a lag between the time a vulnerability becomes publicly known and the CVE data with the vulnerability is updated in the NVD. When you learn about the vulnerability in-between the scheduled scans of your vulnerability scanner. With Exposure Assessment, if you know the publisher and product for the vulnerable software, using the records that list the installed software in your network created by Software Asset Management (SAM), you can assess your exposure to potentially malicious software packages on-demand. Knowing the scale of your exposure to this type of vulnerability permits you to proactively respond by implementing a red alert and uninstalling the software, or informing your security operations center (SOC) to look for a specific patch. You can create vulnerable items and assign tasks to the remediation specialist for further investigation remediation. View a vulnerability group (VG) list to verify that the vulnerable items you want are created and associated correctly to the VG. Exposure assessment for Vulnerability Response is compatible with the Madrid v9.0, New York v9.0, and Orlando family releases. Related conceptsVulnerability Response assignment rules overviewVulnerability groups and group rules overviewRules for identifying configuration items from third-party vulnerability integrationsDiscovered ItemsVulnerability group and vulnerable item statesVulnerability calculators and vulnerability calculator rulesRemediation target rulesVulnerability Solution ManagementChange management for Vulnerability ResponseDomain separation and Vulnerability Response
