Using Automox Vulnerability Sync

From the Manage > Tasks page, you can organize vulnerabilities into Automox tasks.

Download a CSV-formatted Vulnerability Report

Follow the instructions in Exporting Vulnerability Scanner Reports to download a CSV-formatted vulnerability report from your third-party vulnerability scanner.

Viewing Tasks

Click Manage to navigate to the System Management landing page and click View Pending. This opens the list of pending tasks.

List of pending tasks

Uploading a Vulnerability Report to Create Tasks

You can upload a CSV-formatted vulnerability report from a variety of different CSV providers and start adding tasks.

Note: The maximum file size for CSV uploads is 20,000 rows.

  1. Click Add Task.
  2. Select the CSV provider format for the report that you want to upload.
    Note: The format required for the report is listed in the Expected Format field. Refer to that to ensure that the uploaded file meets the requirements.
  3. Click Upload File and select the CSV file that was downloaded from the vulnerability scanner. 
  4. If Automox determines the size of the file is acceptable, a confirmation shows that the file is accepted without errors and prompts you to click Next
  5. A message then shows that it is processing the CSV. Click Finish.

Syncing the Imported Report

From the Imported Batches tab you can follow the mapping process of the uploaded CSV file.

The mapping process is asynchronous and will take time to discover hostnames and any CVEs that they are impacted by. A sync is complete once it shows as Awaiting Approval. Each CSV file has its own row and when the file completes processing, it is highlighted.

Table ColumnDescription
CSV NameName of the CSV file that was uploaded
Queued ByEmail address of the user who uploaded the file
SourceIndicates the CSV provider source
Impacted DevicesNumber of devices impacted by the task
StatusPossible values:
  • Awaiting Approval
  • Rejected
  • Approved
  • Building
  • Error

Viewing the Processing Results

To create the individual tasks, you can now review the results of the syncing process.

  1. From the Imported Batches tab, click the CSV file name to open the results page. 
  2. You will see the Tasks Pending Creation tab, which outlines all of the tasks to be created (each one is a separate CVE).
  3. Before creating any tasks, review the separate tab titled Potential Issues that highlights any issues with the data that Automox has ingested. If there are no issues, this tab is not available.

Table ColumnDescription
DeviceName of the device with potential issues
HostnamePermanent device name
Private IPIP address of the device
CVEName of the CVE
Issue Type
(hover over description for more information)
Possible values:
  • CVE not found: Automox doesn't have data on the CVE ID in question, the CVE is out of date/superseded by a different CVE, or it is associated with a macOS vulnerability or third-party app that we don't currently support.
  • Hostname not found: Automox was unable to find a match for the hostname in the report. Check if the Automox agent is deployed on the device.
  • Duplicate hostname: Two or more of the same hostnames were found. Automox will apply packages to all duplicated hosts. Ensure that hostnames are unique.

After you have reviewed the issues tab, you can move on to the next step and create tasks.

Creating Tasks From the Results Page

From the Tasks Pending Creation tab, you can either create tasks, reject the batch, or cancel and return to the list of batches.

  1. To create tasks, click Create Tasks to add tasks to the Tasks page.
  2. From the Tasks page, click the task name to open the task details page. From here you can run the task, reject the task, or export a detailed CSV. Click Run Now.

    When the task is initiated, commands are immediately sent to all impacted devices.

    • If reboots are required, the device will be put into a "needs reboot" state after remediation, however, that reboot will not happen automatically.
    • We do not support notifications or deferrals for tasks at this time. That is expected for a future release.

  3. You can export a detailed CSV of all impacted devices with greater detail (Note: This is available for tasks in any status).
    The export includes the following:
    • Hostname
    • Custom Name
    • Device ID
    • Patch Status
    • Error Message
    • Private IP
    • Public IP
    • Time Initiated
    • Time Completed
    • Patch Completed (identifies the CVE)
    • Package Version ID
    • Software
  4. At any point you can view a summary page of a task that is in progress. Click the task name from the Tasks page to review real-time, device-level reports. Commands time-out after 24 hours of the device being unreachable, which results in a patch failure. As noted previously, detailed device reports for a given task are available in any status (Pending, In Progress, Executed, Rejected).  

  5. You can reject a task that represents work that will not be done. It will remain in the task list indefinitely with the appropriate status. Tasks that are rejected remain on the Tasks page. If you decide to run that task in the future, you have to re-import the CSV, create the tasks, and run them. This function is primarily to serve the use-case of a CVE or package being obsolete or something that an admin has determined they will not do.

Related Topics: