Vulnerability Assessment Feature Overview


Supported OS Distros

Threat Stack currently supports the Vulnerability Assessment feature on the following Linux distros:

  • Ubuntu
  • Amazon
  • RedHat

Vulnerability Assessment Overview

Threat Stack runs a daily Vulnerability Assessment that analyzes all installed packages against the Common Vulnerabilities and Exposures (CVE) listed in the National Vulnerability Database (NVD) run by the National Institute of Standards and Technology (NIST).

For each vulnerability, the severity score is based on the Common Vulnerability Scoring System v2 (CVSS v2) used by the NVD. The severity can be high (H), medium (M), or low (L) as determined by NVD.

At the end of the assessment, Threat Stack displays a list of vulnerable packages, associated CVEs, and impacted servers. As a security management best practice, Threat Stack recommends that you review and analyze the assessment results, using the suggested documentation provided by the supported operating system (OS) security notices and NVD articles.

Vulnerability Assessment Results

Threat Stack aims to provide you with a holistic understanding of potential vulnerabilities by assessing all packages installed using the package manager. Threat Stack will not remediate or manage package vulnerabilities on your behalf.

You can resolve these vulnerabilities at the host level or suppress the vulnerability within Threat Stack.

If you find vulnerabilities and deem them low risk (for example, the OS vendor has marked them as "will not fix" or low priority), you can suppress them. Learn more about Suppressing Vulnerabilities.

To resolve the vulnerability at the host level, implement the suggested remediation steps according to the supported OS security notice. Confirm on the next daily scan (the daily assessment starts at 12am UTC) that you are no longer vulnerable.

For more information, see the NVD Frequently Asked Questions or A Complete Guide to the Common Vulnerability Scoring System v2.

Subscribe to Assessment Results

Threat Stack runs an assessment when an agent is first installed and then runs daily assessments starting at 12am UTC.

You can subscribe to a daily vulnerability report email. To enable these reports, navigate to the Notifications Settings section on the General Settings tab of the Settings page.

Vulnerability Package Assessment Workflow

This image depicts the flow of the Threat Stack agent detecting packages and cross-referencing them against more than two million identified CVEs.

Info

For this illustration, we use "TS" to refer to Threat Stack.

Vulnerabilities Workflow illustration


Articles in the Vulnerability Assessment Series

Vulnerability Assessment FAQ

Suppress or Unsuppress Vulnerabilities
