cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Importing data from Splunk to SVM

ChrisG
By Community Manager Community Manager
Community Manager

Does SVM have the ability to take a feed of data about what is installed on client computers from Splunk? We're looking to get more up to date/realtime data fed into Secunia without adding another agent to the desktop fleet.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)
(1) Solution
bkelly
By
Flexera Alumni

No, SVM 2019 does not perform assessment based on a simple inventory. Such often does not provide the granularity necessary to determine the specific build of an installed application which is necessary to confirm if the installed version is vulnerable or not. To accomplish this we leverage file signatures (both a quick and accurate method). 

The good news is that you do not need to install the agent to perform a scan. Many customers choose to simply run the SVM scan as a scheduled task using SCCM, BigFix, Workspace ONE, etc. A simple command line can do the trick and avoids the need for an installation of the agent. Alternatively, SVM can leverage an SCCM inventory if it is configured to collect details about EXE, DLL and OCX files (which are necessary to support a File Signature based scan). 

View solution in original post

(2) Replies
bkelly
By
Flexera Alumni

No, SVM 2019 does not perform assessment based on a simple inventory. Such often does not provide the granularity necessary to determine the specific build of an installed application which is necessary to confirm if the installed version is vulnerable or not. To accomplish this we leverage file signatures (both a quick and accurate method). 

The good news is that you do not need to install the agent to perform a scan. Many customers choose to simply run the SVM scan as a scheduled task using SCCM, BigFix, Workspace ONE, etc. A simple command line can do the trick and avoids the need for an installation of the agent. Alternatively, SVM can leverage an SCCM inventory if it is configured to collect details about EXE, DLL and OCX files (which are necessary to support a File Signature based scan). 

wmahmood
By Community Manager Community Manager
Community Manager

Hello Chris,

We currently support scanning of machines either via SVM agents, remote scans, and SCCM inventory import. However, we don't support importing data via Splunk for vulnerability assessment.

Software vulnerability research can import a list of product that can be added as watch lists.

Let us know if there are further questions. 

Regards,

Waqas