Automated Vulnerability Remediation FAQ
The following are common questions and answers about Automated Vulnerability
A flaw, weakness, or error in code, design, or configuration that can be exploited by threat actors to compromise the security, functionality, or data of an application or system. Remediation The act of mitigating a vulnerability or a threat, or the neutralization or elimination of a vulnerability or the likelihood of its exploitation. (AVR)
- If I execute any actions from AVR, will it restart those systems?
- No - The patch A software security or stability update. executes, but the system is not restarted
- No - The patch
- Can I recreate a connection?
- If an API key Credential for programmatic access to the Automox platform. needs updating, Automox currently recommends creating a new connection with the updated API key and region information.
- If an API key
- Can you use Automated Vulnerability Remediation with Rapid7 Nexpose?
- No - AVR is a platform to platform integration and does not support pulling data directly from the Rapid7 Nexpose console Our web-based management dashboard, available at https://console.automox.com..
- No - AVR is a platform to platform integration and does not support pulling data directly from the Rapid7 Nexpose console
- Is it currently possible to leverage worklets Represents an automation script that can execute on a set of devices, consisting of evaluation and remediation code blocks. Worklets can be OS-specific or targeting a platform-agnostic language. from the Worklet Catalog Respository of pre-built, Automox-verified worklets, available in the Automox Console. for remediations?
- You can use worklets from the catalog as long as the worklet is already defined as a custom policy Represents a set of logic statements that define the desired target state of a device, the allowed remediation schedule, and configuration parameters around how that remediation should take place. within the organization A subset of an account. An Automox customer account can be tied to multiple organizations, and users can be invited to, and access multiple organizations. An organization contains users, devices, and policies..
- You can use worklets from the catalog as long as the worklet is already defined as a custom policy
- Is it possible to configure the integration to run at a particular time during the day?
- No - The integration with Rapid7 is only configured to run on a schedule once per day at 4 AM MT.
- Why don't I see any CVEs Represents a unique identifier for a vulnerability record as defined and cataloged by https://cve.mitre.org. for App Store on macOS?
- Automox now includes severity data for native macOS packages Represents a piece of software for a specific OS family (Windows, Mac, Linux), OS version (Server 2019), CPU architecture (x86), and software version (v7.02.5329a).. However, updates A minor version update to a patch or package, usually involving bugfixes and no major functionality changes. For example, updating a package from version 1.13 -> 1.14 for applications that are included with macOS are updated as part of the OS Platform type for devices: Windows, macOS, or Linux. update. For example, App Store would be updated when you install the macOS update. For more information, see macOS Best Practices: Patch Notifications & CVEs.
- Automox now includes severity data for native macOS packages
Troubleshooting
- When a saved configuration runs, I receive an “invalid action connection unauthorized” error.
- This error occurs when you select an invalid API key or region when creating a connection. Create a new connection and verify the API key and region are correct for your Rapid7 Platform organization.
- This error occurs when you select an invalid API key or region when creating a connection. Create a new connection and verify the API key and region are correct for your Rapid7 Platform organization.
