Microsoft Patch Dashboard or Report

Does anyone have a dashboard in InsightVM that shows which systems have the latest Microsoft patches or which don’t? We use this for an executive metric, and cannot find a solution. We’ve even tried putting this data from SCCM, but that’s not proving useful.

We’d like to do the same with Linux servers, but we’d like to solve the Microsoft one first. However, if you have suggestions for Linux, that would be helpful, too.

I think the overall issue is that InsightVM doesn’t seem to be able to filter/focus on Microsoft patches, as patches are obviously not vulnerabilities, and VM focuses on the vulns.

Have you looked at the Patch Tuesday Dashboard that comes out each month?

Use this dashboard to gain visibility into the latest vulnerabilities from Microsoft Patch Tuesday, which is when Microsoft releases fixes for security flaws in their software. This occurs the second Tuesday of every month.

After these patches are available, attackers immediately start analyzing them to develop exploits. Because of this, it’s critical to track your exposure and monitor your remediation efforts on an ongoing basis to minimize the window of opportunity for exploitation.

2 Likes

Hi Brandon, and thanks for your suggestion. Yes, I’ve tried that dashboard, but it doesn’t quite provide the data we need for this one particular metric [Patch Compliance Rate (%) = (Number of Devices with Up-to-Date Patches / Total Number of Devices) x 100]. The card for Top Remediated Vulnerabilities may solve my problem. I can export it to a CSV, and then filter out to only show ones that start with “msft” in the Vulnerability Key column, since I’m only worried about OS Patching for this specific metric against Microsoft systems. It then shows Remaining Instances (hopefully 0) of systems with the vulnerability and Remediated Assets (hopefully all assets affected by that particular vulnerability).
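
Added example, not part of any post in this thread: a script that applies the CSV filtering described above (keep rows whose Vulnerability Key starts with "msft", then report remaining versus remediated counts). The column names are the ones mentioned in the post; the exact export layout, the sample rows, and the function name `msft_compliance` are assumptions, and the overall figure counts vulnerability instances rather than distinct devices.

```python
import csv
import io

# Constructed sample export; column names follow the post, the layout is assumed.
SAMPLE_CSV = """Vulnerability Key,Remaining Instances,Remediated Assets
msft-cve-0000-00001,0,120
msft-cve-0000-00002,15,105
MSFT-CVE-0000-00003,,40
adobe-example-0001,7,30
"""

def _to_int(value):
    """Treat blank cells as 0 and tolerate thousands separators."""
    value = (value or "").replace(",", "").strip()
    return int(value) if value else 0

def msft_compliance(csv_text, prefix="msft"):
    """Summarise rows whose Vulnerability Key starts with `prefix` (case-insensitive)."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row.get("Vulnerability Key") or "").strip()
        if not key.lower().startswith(prefix):
            continue  # not a Microsoft finding, outside this metric
        remaining = _to_int(row.get("Remaining Instances"))
        remediated = _to_int(row.get("Remediated Assets"))
        total = remaining + remediated
        pct = round(100.0 * remediated / total, 1) if total else None
        rows.append({"key": key, "remaining": remaining,
                     "remediated": remediated, "pct": pct})
    fixed = sum(r["remediated"] for r in rows)
    left = sum(r["remaining"] for r in rows)
    return {
        "rows": rows,
        # Vulnerabilities that still have unpatched instances.
        "outstanding": [r["key"] for r in rows if r["remaining"] > 0],
        # Approximation: instance-level rate, not a distinct-device count.
        "overall_pct": round(100.0 * fixed / (fixed + left), 1) if fixed + left else None,
    }

if __name__ == "__main__":
    report = msft_compliance(SAMPLE_CSV)
    for r in report["rows"]:
        print(f'{r["key"]:<22} remaining={r["remaining"]:<4} '
              f'remediated={r["remediated"]:<4} {r["pct"]}%')
    print("Outstanding:", report["outstanding"])
    print("Overall:", report["overall_pct"], "%")
```

A true per-device rate needs a per-asset export, because one device can appear under several vulnerabilities in this card.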

In the dashboard you can create a goal for the remediation of those vulns; that would give you your compliance rate:

Remediate 100% of vulnerabilities where vulnerability.datePublished = 2024-04-09 && vulnerability.categories IN ['microsoft'] && vulnerability.categories NOT IN ['microsoft out-of-band']

2 Likes

Thanks, @brandon_mcclure that looks like the solution.

Maybe a bit late to the party, but I use an ongoing Remediation Project that grabs the most recent Patch Tuesday vulns. Using this view displays by Solution and how many associated vulns there are along with affected and completed assets as well as total risk reduction.

1 Like