The Community is now in read-only mode to prepare for the launch of the new Flexera Community. During this time, you will be unable to register, log in, or access customer resources. Click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
abideaua
By
Flexera Alumni

[IMPORTANT UPDATE: 9 December 2020] Great news - Our Flexera customer and partner community now have a direct opportunity to share ideas and participate in future feature planning.   Learn more and add your ideas via the Ideas Portal moving forward. Please note if you have added an idea to this discussion, we will migrate the idea to the new portal and notify you once it's been done. Thank you to everyone for active participation! 

-------------------------------------------------------------

You can help shape Flexera's future by sharing ideas for improving Software Vulnerability Manager and Software Vulnerability Research. We know you work with this product, probably every day. You not only see how well it works now, but you also have ideas for making it better.  

Your feedback is essential to informing product decisions and shaping how SRM and SVR and other Flexera solutions will evolve.  The Ideas board is gone. But don’t worry. Ideas you submitted to the Idea board are not lost. And a new spot for collecting ideas will find a permanent place on the Flexera Community in June. 

In the meantime, we still want to hear your suggestions.   

The comments below this article are your spot to offer ideas. Flexera’s product team will regularly review the ideas you post. The product team is primarily watching for ideas that gain traction among members of the community. That’s why it’s important for you to both leave your ideas but also support other excellent product ideas you see.  

How it works:   

  1. You’ll need to register with and log in to the community. Click “Sign In” in the upper right-hand corner. If you don’t have an account, create one by clicking “Let’s go!’ on the sign in page. Or log in if you already are registered.  
  2. Check if your suggestion already is posted in the comments below. If it is, click the thumbs up to give it a kudo. More likes will increase the visibility and help us prioritize.  
  3. Submit your idea for a product change, if it isn’t there.  

One more thing: You don’t need to mention bug fixes or other issues that Flexera’s Support team could handle. 

You can open a support case by clicking on “Get Support” drop-down menu at the top of the page if you have a maintenance plan.  

Thank you for your help. 

(27) Comments
ciaranwilliamso
By
Level 2
Please enable MFA for this service https://csi7.secunia.com This is critical for us
Shoggi
By
Level 5

We are using SVM globally in our all offices. There is a new feature to "collect network information) with IP + MAC address. This data are only visible to the root Admin.

The problem we are facing that we want to use this data to build up Smart Groups. This is technically  not possible. We could build with the data set smart groups like

> based on IP string/range last scan from LAN or remote/cloud

> based on IP subnet we could build smart groups per floor/office with devices

etc

This would give us a more granular view of devices in offices / floors where we need focus on most critical devices with software on them.

 

This days the SVM system can't provide the IP collection but there is no usage possible of this data which would help.

megloff
By
Level 3

We require to see in SVR  which advisories from Microsoft (KBxxxx) or Redhat (RHSA-xxx) has been replaced by a newer one. This is necessary to assess which latest patch for a certain CVE have to be installed rather than installing individual patches. Microsoft wraps up certain patches / advisories into cumulative ones etc. This would be very helful because at the moment our engineering is quite busy with the assessment which KBxxxx is replaced by which KBxxxx . Examples you can get from the link below

This information what is replaced by what need to be provided in a structured format i.e. through the REST API as an extension of each security advisory.

Example MS Advisory KBxxxxx 

Capture.PNG

 

Thank you

megloff
By
Level 3

It would be helpful if you can search inside SVR with the vendor advisory number. currently it is not possible to search via RedHat Security Advisory Number. You get no results back (RHSA-xxxxx). Search via CVE works but is not as useful as when you can search via the reference number from the vendors

Please add this feature, because Red Hat Enterprise Linux is a quite used platform.

bkelly
By
Flexera Alumni

Thank you @megloff , both are great suggestions; we are already looking into how we can add supersedence info for KBs, but your request to search based on RH advisory numbers is a first!

RDanailov
By Level 7 Flexeran
Level 7 Flexeran

Hi,

I just wanted to add a note that, currently it is possible to search for RHSA-xxxx advisories in the SVR Advisory Search database engine. 

1. Logon to SVR

2. Go to Research

3. Use the "Search" field to type in the exact RHSA:xxxx number.

SVR Search uses a "match" function to match the full or certain parts of strings included inside the SAID advisory.
It will produce results even if you have typed in only half of the word and not the entire word you seek to find. 

In one example, if you simply type in RHSA, you'll get a full list of all-time SAIDs that include an official vulnerability reference back to the RHSA advisory. Typing specific RHSA numbers (e.g. RHSA-2020:0630) will also produce a list of all Secunia Advisories containing a reference to that RHSA number. As long as there's the RHSA-2020:0630 string listed anywhere in the contents of the SAID, the SAID should show.

There will be no SAIDs shown as a result of the search when (if):

a) There was no Secunia Advisory published for that vuln, or there was one published by us but the official references in the SAID do not include vendor advisory reference. 

b) There was a Secunia Advisory released that included that RHSA reference, but the advisory has received the status of "Rejected" and your account is not configured to show those. Thus, when you search, the SVR hides what you're not allowed to see by your config. 

Either way, the Search engine should be capable of detecting based on the full string. 
I hope that helps. Attached a screen for visual reference. example search svr.png

cgraf_scerus
By
Level 2

Hi,

we - and our customers - would love to see the Vendor Patch Module also in SCCM third party updates catalog. This would bringt a great added value.

Thx,

Christoph

bkelly
By
Flexera Alumni

Thanks @cgraf_scerus ! I've done some investigation on this and the effort to do so is no-trivial. We also want to take care not to diminish the strong value of prioritization we provide which is lost in ConfigMan. One way I think we could balance things would be to support that instead of publishing only via WSUS, we could potentially publish to a private SCUP catalog which you could subscribe to in ConfigMan's their party updates node. It wouldn't be all the patches we have, but those that you prioritized and chose to publish. I'm curious to know if you would find that of significant value or if you are really looking for a disconnected full list of available patches and don't care to prioritize and choose which to deploy in SVM. 

jsheldon
By
Level 2

Can you change the Average Flexera System Score from only showing whole numbers to fractional numbers? For example, we usually run at about 99%. It would be nice to know if we were at 99.1% or 99.4%. This is really just to give a bit of a boost to the person doing the updating of the computers. It would be nice if the person doing the updating saw an improvement in the main number on the dashboard. I know you can look at the individual computers or software components but it would be nice to see a difference in the Average Flexera System Score

bkelly
By
Flexera Alumni

Thanks @jsheldon this seems like a valuable enhancement. I'm excited about our launching a proper ideation system soon which will allow us to gauge interest in something like this. In the meantime, if anyone out there sees a downside to such a change please reply here! 

pshealy
By
Level 2

Would like to request the addition of a search field under the "View Installations" windows so that you can search for individual machines without having to scroll through all the installs to find.  Add search field to "View Installations" WindowAdd search field to "View Installations" Window

Also, would like to request the ability to copy the file path of a software installation from that same window so that you do not have to export into a spreadsheet in order to copy. 

Ability To Copy and Paste From "View Installations" WindowAbility To Copy and Paste From "View Installations" Window

bkelly
By
Flexera Alumni

Nice, thanks @pshealy !

 

briggsm
By
Level 3

I would also like to be able "Size all Columns to fit" or full screen.  I have so much trouble trying to expand the columns to see the path!  Frustrates me every time I use it.

Maybe make the column 'slider' easier to find?

briggsm
By
Level 3

I would also LOVE a "Last Logged On Username" column.  I know that really isn't what the tool is for, but it's the first question I get asked when I share a report....every time!

gareth_moss
By
Level 3

Good Morning All,

 

Something Administrators struggle with a lot (everywhere I've worked), is that there are numerous Consoles for Administrators that require you to log in for visibility of an issue. I would like to suggest that it is possible to automatically generate email alerts for new vulnerabilities (So the information is received directly, without having to look in the console / generate reports).

For example:
Alert: New vulnerability has been released

If Vulnerability:
- CVSS, CVSSv2 or CVSSv3 Score Exceeds 8
- Affected Hosts, Exceeds 100
- Is Program (Rather than OS) 
Report to User1@Domain.com, User2@Domain.com, User3@Domain.com 

 

Email should contain (at a minimum):
- Program Name
- Affected Versions (including Remediated version, if known) 
- CVSS, CVSSv2 or CVSSv3 Score
- KB Article/Web Reference

What would be a bonus: Whether or not the vulnerability could/couldn't be patched using Secunia SPM or VPM modules. 

Kind Regards,

Gareth

gareth_moss
By
Level 3

Additional Request: 

To have an available report within Secunia which details the following:

- What can/can't be Patched by the SPS Module
- What can/can't be Patched by the VPM Module
- What can't be Patched by the Secunia (either module) 

I am often asked for an 'estimated effort' to resolve 'all' of the vulnerabilities within the portal but it is not clear which applications can/can't be patched within Secunia. 

bkelly
By
Flexera Alumni

Hi @gareth_moss ! If you are using the cloud version of Software Vulnerability Manager, please see our new SPS/VPM Product View which I believe helps address the challenge you have outlined. If you are on-prem, this update is schedule to be released next week so look for it soon!

gareth_moss
By
Level 3

@bkelly Thankfully - we are using the Cloud Version.

 

You guys snuck that one in! That's brilliant. Thank you very much! 

gareth_moss
By
Level 3

@bkelly  Would I be correct in presuming that if '-' appears, the product cannot be patched using SPS OR VPM?

bkelly
By
Flexera Alumni

@gareth_moss I don't believe so. If for example, you have VPM selected, all those that return have patch data, the dashes you are referring to would be indicating the patch is not tied to a vulnerability (so there is no SAID, criticality, etc.). If you are referring to something else, please highlight a screen shot and I can be more specific. 

nnitsitu
By
Level 2

Feature request for Smart group notification for SVM

 

1. Currently the Smart group filters are very broad and esp for filtering on CVSS score. We would like more granularity there- for ex. filter for CVSS score 9.8- 10.0
2. The smart group notification does not have much details. We would like more details on the notification- based on what it is configured too alert on. For ex. if we have an advisory for systems that have vulnerabilities between a certain CVSS score (9-10), then the smart group for this advisory should notify and alert with some details.

  

nnitsitu
By
Level 2

Feature request for Smart group notification for SVM

The Smart group filters are very broad and specially for filtering on CVSS score. We would like to have more granularity here- for ex. filter for CVSS score 9.8- 10.0

 

The smart group notification does not have much details. We would like more details on the notification- based on what it is configured to alert on. For ex. if we have an advisory for systems that have vulnerabilities between a certain CVSS score (9-10), then the smart group for this advisory should notify and alert with some details.

 

 

The notification alert could contain information on details of the vulnerability, Criticality, CVSS score, Release date and number of assets vulnerable. 

PS: The notification feature in SVR would be a good example.

bkelly
By
Flexera Alumni

Thank you, can you be more specific about the type of detail you would like to see included in a Smart Group notification email?

gargmukul121
By
Level 2

I am often asked for an 'estimated effort' to resolve 'all' of the vulnerabilities within the portal but it is not clear which applications can/can't be patched within Secunia.

 
 
 
bkelly
By
Flexera Alumni

Perhaps you have SVM on-prem and have not updated yet, but we released the ability to quickly filter on items for which patches are available. If this does not satisfy your challenge, please explain further. 

filterspsvpm.png

gareth_moss
By
Level 3

@bkelly  - Thanks for the information you provided on the Vulnerability round table earlier this week.

 

Will the existing ideas/improvements be transferred over to the Flexera 'IDEAS' portal? 

 

bkelly
By
Flexera Alumni

Thank you for the kind words @gareth_moss ! And for an excellent question. I will be moving any ideas from this thread into the new "Ideas" area down the road, with the hopes that it might be done by the author's of those ideas directly. That way, you get notified of status changes, etc. (and also have a chance to elaborate on earlier requests)!

For all:

I would appreciate you posting your ideas directly so that you are the author of the idea.

General tip:

Please try to include the reason for the request-- what problem would the enhancement help to solve? Why is it important? Providing a solution without ensuring an understanding of the problem it will solve makes it harder to assign value to a request.