Vulnerability Assessment Dashboard - find affected computers for vulnerability

GileraracerGileraracer
in WatchGuard EPDR/EDR/EPP

Hi all,

according to this help center site: https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Endpoint-Security/monitor-threats/dashboards/dashboard-vulnerability-assessment.html

it should be possible to show computers missing a certain patch ("To open the Available Patches by Computer list filtered to the selected patch, click a box in the tile. This list shows the computers and devices missing the patch.").

However, in EPDR when i click a box in the tile i do not get a list of affected computers but another overview of the missing patch. I was not able to find any direct way to find out which computers are missing a certain patch starting on the Vulnerability Assessment Dashboard.

Did i miss something?

For example, i can see that one computer is missing KB5005112 but i did not find a way to find out which of the 100 managed computers is missing the patch.

Thanks in advance
Gil

Comments

  • krabickowkrabickow

    I recently started using EPDR and was wondering the same thing. I'll be following in hopes that you get an answer.

  • David_CarroDavid_Carro WatchGuard Representative

    Dear @Gileraracer

    This is the correct behaviour for the module Vulnerability Assessment.
    In order to select the devices and install the selected patch on those devices, this module has to be change to Patch Management, where you will be able to see what patches are missing on what devices:

    David

    David Carro | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com

  • GileraracerGileraracer

    Hi David,

    thanks for your reply. I couldn't believe that this could really be the case. This is so extremely inconvenient because it means that I now know that a client is missing a critical patch. However, having more than 100 clients with EPDR installed, I have a really hard time to find out which client is affected (clicking through 100+ clients???).

    Best regards,
    Gil

  • David_CarroDavid_Carro WatchGuard Representative

    I am very sorry, Gill, but I am afraid that is the way it was developed.
    We do have patching and updating programs on the market (patch management for the endpoint and Patch Management on System management).
    I am sorry for the inconvenience.

    David

    David Carro | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com

  • krabickowkrabickow

    Hello David,

    Correct me if I am wrong, but it sounds like the only reason WatchGuard has included the Vulnerability Assessment in the EPDR product is to drive sales of your other products. I am really disappointed in this. Let me be clear, I am not disappointed that you want to use one product to drive sales of another product. What I am disappointed in is that you have advertised a feature (vulnerability assessment) of one product (EPDR), but have then rendered that feature utterly useless without purchasing another product. Some of us may not need yet another product for patch management but may want to use a tool for reporting to catch anything that our existing patch management products may miss. No product is perfect. If your tool consistently identifies vulnerabilities that have not been addressed with our existing tooling, then maybe we would consider switching to your product. Unfortunately, with the intentional decision of WatchGuard to make the reporting useless, I doubt it will be worth our time to even try to use the tool in this manner.

    Thanks,

    Kenny

  • David_CarroDavid_Carro WatchGuard Representative

    Hi Kenny.

    This module is presented as a tool for the partner/end customer to check if all updates and vulnerabilities have been covered correctly and if the maintenance has been applied to have a healthy environment (netwise).
    If this module shows errors, it means that the procedure actually in use is not the appropriate.
    The vulnerability assessment report was just that: an assessment of whether the method used so far was the right one, and whether all the vulnerabilities on your network were covered.
    If the method used was not the right one, we can offer you another method to cover them.
    There is a 30 day trial where you can evaluate the Patch Management module and decide if it meets your needs or if you would prefer to move to third party software.

    I am sorry if this was the impression you had of our module. But it was presented to help you verify that you have the right solution in place, and not to force the use of our Patch Management module.
    The vulnerability assessment was not designed to install patches, but to assess whether your current approach is the right way to protect your customers.

    May I suggest you try our 30 day trial? no compromise on switching if it does not meet your expectations.

    Kind regards,

    David Carro | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com

  • krabickowkrabickow

    Hello David,

    I am not interested in a trial at this time. I was hoping the Available Patches by Computers list would produce detailed results like the End-of-Life programs list. Instead, it only provides a summary indicating the number of computers missing each patch with no way to generate a list of all computers missing each specific patch (without purchasing the other product). I have accepted this as a limitation of the product.

    I will continue using the Vulnerability Assessment to aid in identifying End-of-Life programs. The EOL information is presented in a manner that allows me to see which devices each EOL program is detected on. I am able to export the list of End-of-Life programs into a CSV file and use Microsoft Excel to filter by Program.

    Thanks,

    Kenny

Sign In to comment.