Supported OS Distros
Threat Stack currently supports the Vulnerability Assessment feature on the following Linux distros:
Vulnerability Assessment Overview
Threat Stack runs a daily Vulnerability Assessment that analyzes all installed packages against the Common Vulnerabilities and Exposures (CVE) listed in the National Vulnerability Database (NVD) run by the National Institute of Standards and Technology (NIST).
For each vulnerability, the severity score is based on the Common Vulnerability Scoring System v2 (CVSS v2) used by the NVD. The severity can be high (H), medium (M), or low (L) as determined by NVD.
At the end of the assessment, Threat Stack displays a list of vulnerable packages, associated CVEs, and impacted servers. As a security management best practice, Threat Stack recommends that you review and analyze the assessment results, using the suggested documentation provided by the supported operating system (OS) security notices and NVD articles.
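The severity rating described above can be reproduced from a CVE's CVSS v2 base vector when reviewing results. The following is an added example, not Threat Stack code: it applies the CVSS v2 base equation and NVD's v2 ranking (Low 0.0-3.9, Medium 4.0-6.9, High 7.0-10.0). The package names and CVE identifiers are constructed placeholders, and the function names are hypothetical.

```python
from decimal import Decimal, ROUND_HALF_UP

# Base-metric weights from the CVSS v2 specification.
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},   # Access Vector
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},    # Access Complexity
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},   # Authentication
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},    # Confidentiality impact
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},    # Integrity impact
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},    # Availability impact
}


def base_score(vector):
    """Return the CVSS v2 base score for e.g. 'AV:N/AC:L/Au:N/C:P/I:P/A:P'."""
    parts = dict(p.split(":", 1) for p in vector.strip("() ").split("/") if ":" in p)
    try:
        w = {metric: WEIGHTS[metric][parts[metric]] for metric in WEIGHTS}
    except KeyError as exc:
        raise ValueError(f"not a complete CVSS v2 base vector: {vector!r}") from exc
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    if impact == 0:  # f(Impact) is 0 when there is no impact, so the score is 0
        return 0.0
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * 1.176
    return float(Decimal(str(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def severity(score):
    """Map a base score to the H/M/L rating NVD uses for CVSS v2."""
    return "H" if score >= 7.0 else "M" if score >= 4.0 else "L"


# Constructed findings: package names and CVE ids are placeholders.
FINDINGS = [
    ("examplelib 1.0.2", "CVE-PLACEHOLDER-1", "AV:L/AC:H/Au:N/C:P/I:N/A:N"),
    ("exampled 2.4.1", "CVE-PLACEHOLDER-2", "AV:N/AC:L/Au:N/C:P/I:P/A:P"),
    ("example-web 0.9", "CVE-PLACEHOLDER-3", "AV:N/AC:M/Au:N/C:N/I:P/A:N"),
]


def triage(findings):
    """Return (severity, score, package, cve) rows, highest score first."""
    rows = [(base_score(vec), pkg, cve) for pkg, cve, vec in findings]
    return [(severity(s), s, pkg, cve) for s, pkg, cve in sorted(rows, reverse=True)]


if __name__ == "__main__":
    for row in triage(FINDINGS):
        print(row)
```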
Vulnerability Assessment Results
Threat Stack aims to provide you with a holistic understanding of potential vulnerabilities by assessing all packages installed using the package manager. Threat Stack will not remediate or manage package vulnerabilities on your behalf.
You can resolve these vulnerabilities at the host level or suppress the vulnerability within Threat Stack.
If you find vulnerabilities and deem them low risk (for example, the OS vendor has marked them as "will not fix" or low priority), you can suppress them. Learn more about Suppressing Vulnerabilities.
To resolve the vulnerability at the host level, implement the suggested remediation steps according to the supported OS security notice. Confirm on the next daily scan (the daily assessment starts at 12am UTC) that you are no longer vulnerable.
For more information see the NVD Frequently Asked Questions or A Complete Guide to the Common Vulnerability Scoring System v2.
Subscribe to Assessment Results
Vulnerability assessments occur within 15 minutes of package collection. Threat Stack collects packages at the following times:
- Daily between 12:00 a.m. and 2:00 a.m. UTC.
- The first time an Agent starts and connects to the Threat Stack platform.
You can subscribe to a daily vulnerability report email. To enable these reports, navigate to the Notifications Settings section on the General Settings tab of the Settings page.
Vulnerability Package Assessment Workflow
This image depicts the flow of the Threat Stack agent detecting packages and cross-referencing them against more than two million identified CVEs.
For this illustration, we use "TS" to refer to Threat Stack.