Have an idea for changing SVM and SVR? The product team wants to hear it

Flexera

You can help shape Flexera's future by sharing ideas for improving Software Vulnerability Manager and Software Vulnerability Research. We know you work with this product, probably every day. You not only see how well it works now, but you also have ideas for making it better.  

Your feedback is essential to informing product decisions and shaping how SVM and SVR and other Flexera solutions will evolve. The Ideas board is gone. But don’t worry. Ideas you submitted to the Ideas board are not lost. And a new spot for collecting ideas will find a permanent place on the Flexera Community in June.

In the meantime, we still want to hear your suggestions.   

The comments below this article are your spot to offer ideas. Flexera’s product team will regularly review the ideas you post. The product team is primarily watching for ideas that gain traction among members of the community. That’s why it’s important for you both to leave your ideas and to support other excellent product ideas you see.

How it works:   

  1. You’ll need to register with and log in to the community. Click “Sign In” in the upper right-hand corner. If you don’t have an account, create one by clicking “Let’s go!” on the sign-in page. Or log in if you already are registered.
  2. Check if your suggestion already is posted in the comments below. If it is, click the thumbs up to give it a kudo. More likes will increase the visibility and help us prioritize.  
  3. Submit your idea for a product change, if it isn’t there.  

One more thing: You don’t need to mention bug fixes or other issues that Flexera’s Support team could handle. 

You can open a support case by clicking the “Get Support” drop-down menu at the top of the page if you have a maintenance plan.

Thank you for your help. 

10 Comments
Flexera beginner
Please enable MFA for this service (https://csi7.secunia.com). This is critical for us.
Active participant

We are using SVM globally in all our offices. There is a new feature to "collect network information" with IP + MAC address. This data is only visible to the root Admin.

The problem we are facing is that we want to use this data to build up Smart Groups. This is technically not possible. With the data set we could build smart groups like:

> based on IP string/range last scan from LAN or remote/cloud

> based on IP subnet we could build smart groups per floor/office with devices

etc

This would give us a more granular view of devices in offices / floors where we need focus on most critical devices with software on them.

 

These days the SVM system can't provide the IP collection but there is no usage possible of this data which would help.

Occasional contributor

We require to see in SVR which advisories from Microsoft (KBxxxx) or Red Hat (RHSA-xxx) have been replaced by a newer one. This is necessary to assess which latest patch for a certain CVE has to be installed rather than installing individual patches. Microsoft wraps up certain patches / advisories into cumulative ones etc. This would be very helpful because at the moment our engineering is quite busy with the assessment of which KBxxxx is replaced by which KBxxxx. Examples you can get from the link below.

This information on what is replaced by what needs to be provided in a structured format, i.e. through the REST API as an extension of each security advisory.

Example MS Advisory KBxxxxx 


Thank you

Occasional contributor

It would be helpful if you can search inside SVR with the vendor advisory number. Currently it is not possible to search via Red Hat Security Advisory number. You get no results back (RHSA-xxxxx). Search via CVE works but is not as useful as when you can search via the reference number from the vendors.

Please add this feature, because Red Hat Enterprise Linux is a quite used platform.

Moderator

Thank you @megloff, both are great suggestions; we are already looking into how we can add supersedence info for KBs, but your request to search based on RH advisory numbers is a first!

Flexera

Hi,

I just wanted to add a note that currently it is possible to search for RHSA-xxxx advisories in the SVR Advisory Search database engine.

1. Log on to SVR

2. Go to Research

3. Use the "Search" field to type in the exact RHSA:xxxx number.

SVR Search uses a "match" function to match the full or certain parts of strings included inside the SAID advisory.
It will produce results even if you have typed in only half of the word and not the entire word you seek to find. 

In one example, if you simply type in RHSA, you'll get a full list of all-time SAIDs that include an official vulnerability reference back to the RHSA advisory. Typing specific RHSA numbers (e.g. RHSA-2020:0630) will also produce a list of all Secunia Advisories containing a reference to that RHSA number. As long as there's the RHSA-2020:0630 string listed anywhere in the contents of the SAID, the SAID should show.

There will be no SAIDs shown as a result of the search when (if):

a) There was no Secunia Advisory published for that vuln, or there was one published by us but the official references in the SAID do not include vendor advisory reference. 

b) There was a Secunia Advisory released that included that RHSA reference, but the advisory has received the status of "Rejected" and your account is not configured to show those. Thus, when you search, the SVR hides what you're not allowed to see by your config. 

Either way, the Search engine should be capable of detecting based on the full string. 
I hope that helps. Attached a screen for visual reference.

Flexera beginner

Hi,

We - and our customers - would love to see the Vendor Patch Module also in SCCM third party updates catalog. This would bring great added value.

Thx,

Christoph

Moderator

Thanks @cgraf_scerus! I've done some investigation on this and the effort to do so is non-trivial. We also want to take care not to diminish the strong value of prioritization we provide, which is lost in ConfigMan. One way I think we could balance things would be that, instead of publishing only via WSUS, we could potentially publish to a private SCUP catalog which you could subscribe to in ConfigMan's third party updates node. It wouldn't be all the patches we have, but those that you prioritized and chose to publish. I'm curious to know if you would find that of significant value or if you are really looking for a disconnected full list of available patches and don't care to prioritize and choose which to deploy in SVM.

Flexera beginner

Can you change the Average Flexera System Score from only showing whole numbers to fractional numbers? For example, we usually run at about 99%. It would be nice to know if we were at 99.1% or 99.4%. This is really just to give a bit of a boost to the person doing the updating of the computers. It would be nice if the person doing the updating saw an improvement in the main number on the dashboard. I know you can look at the individual computers or software components, but it would be nice to see a difference in the Average Flexera System Score.

Moderator

Thanks @jsheldon, this seems like a valuable enhancement. I'm excited about our launching a proper ideation system soon which will allow us to gauge interest in something like this. In the meantime, if anyone out there sees a downside to such a change, please reply here!

Director, Product Management Charlotte, NC