Scanning for Obsolete software

I am fairly new to this platform and was tasked to see if Nexpose could scan our asset’s for outdated software and also tell me what asset the outdated software is on. Could somebody point me in the direction of how to achieve this? Thank you.

1 Like

There is a dashboard card " Assets Running Obsolete Operating Systems"

Hi Brandon,

Thanks for the response, I have taken a look at that dashboard card, it is only pulling software information from assets with obsolete OS’s. We are looking to gather software versions that are outdated from all assets.

Thank you.

Any Mooses can chime in, but what I’ve been telling my customers when they ask this is that InsightVM identifies known vulnerabilities. If there is a cve for obsolete software, then it will report. Otherwise, software lifecycle management should be tracked in something like a CMDB.

Well… for insightVM… I do a query for vulnerability title. Put in ‘contains’ obsolete. This will give you the lists of software that are outdated. You can then expand to look at assets. Hope this helps. I haven’t ever seen Nexpose.

1 Like

There is a dashboard called “Assets Running Obsolete Software”

Add this to query builder and it will pull all assets with obsolete software
“vulnerability.categories IN [‘obsolete software’]”
add to vulnerability search filter for the same results.