bkelly
Moderator Moderator
Moderator

[Update: Please Use Ideas Portal Beginning December 2020] We Still Want Your Ideas about Software Vulnerability Management Products!

[IMPORTANT UPDATE: 9 December 2020] Great news - Our Flexera customer and partner community now have a direct opportunity to share ideas and participate in future feature planning.   Learn more and add your ideas via the Ideas Portal moving forward. Please note if you have added an idea to this discussion, we will migrate the idea to the new portal and notify you once it's been done. Thank you to everyone for active participation! 

---------------------------------------------

You may notice that we don’t currently have a replacement for the Ideas functionality here in the new community. This is temporary-- we are planning to launch ideation as a feature of this new community later this summer. In the meantime, please this discussion forum to continue to provide product feedback on Software Vulnerability Manager (SVM) and Software Vulnerability Research (SVR). Please don’t worry about reposting ideas you may have previously submitted; when the ideation capability is reintroduced here it will include any feedback you may have previously provided.

Labels (1)
83 Replies
bferring
Moderator Moderator
Moderator

I recently had a customer that suggested the following enhancements, most around blacklisting:

  • Would like to schedule the DB cleanup to cleanup aged scan results rather than manually having to do this every month
  • Would like to add the ability to right-click and add a file path to blacklist
  • Blacklist report to be able to review just in case
  • Ability to import/export a blacklist and have a global blacklist for all users
  • Randomization of agent scans from 60 minutes to 120 minutes to avoid 500 errors during heavier scan times
Bill Ferring
Principal Consultant: Flexera One - FNMS - FNMforSAP - FNMEA - SVM/SVR - SaaS Manager

Thanks Bill. I appreciate you passing these on, particularly the blacklist related items. As for the others, is there something beyond what we currently offer that the customer was looking for beyond our current functionality?

As for the Database Cleanup, they want to be able to schedule say a 30 day cleanup to run weekly without having to go in and manually click Execute Now (remove the manual process).

 

As for the scan randomization, the upper limit is 60 minutes, but even with 60 minutes, some of their scans will error out when trying to upload scan results with a HTTP 500 error (during heavy scan volume). They're using the in-memory CLI scan method via SCCM using -si 60. They scan over the weekend within certain windows (they do not want to scan on weekdays). I had suggested they could break the scan groups up further, but they're already broken up into 3 collections to eliminate some of the errors with results not reporting back to the cloud. The simple fix in their opinion would be to have the option to randomize over 2 hours (or 3 hours...have a higher upper limit).

Bill Ferring
Principal Consultant: Flexera One - FNMS - FNMforSAP - FNMEA - SVM/SVR - SaaS Manager

Thank you for the additional details!

0 Kudos

Are they on the current version of the app? The more recent "delta" scan logic might also help with this if they are on an older version. Could see if switching off agent polling helps as well. This was introduced in the R5 release.

https://helpnet.flexerasoftware.com/csionprem/2018R5rn_oct2018/SVM2018_R5_On_Premises_Edition_Releas...

Not 100% sure but they most likely need the R5+ agent as well.

Very Good point, Agent polling can ease up the burden and also the timing of a scan for quicker processing.
Regards,
Rosen
"To understand where a system breaks, one should think like the person who built it"
0 Kudos
sebastien_dorc
Occasional contributor

Do you plan to support the monitoring of network devices, such as firewalls, routers, etc?

0 Kudos

Hi @sebastien_dorc,

The "Software Vulnerability Research" product by Flexera provides scan-less tracking of each one of the 61K+ software products supported in our Vulnerability Tracking Database. Large chunk of the products in the supported list is made of firmware and software for security devices such as Firewalls, Proxies, Cisco Routers, all-in-one security appliances, and all sorts of high-end business applications from all major vendors.

Check this page:
https://www.flexera.com/products/operations/software-vulnerability-research.html

If you are interested to know more, feel free to drop me a community message (hover over my name for options) and I will connect you to one of our representatives that can provide a demo or more details about it. 
Cheers,

Regards,
Rosen
"To understand where a system breaks, one should think like the person who built it"
0 Kudos

As @RDanailov says, we do provide research on such devices (SVR), we do not have any current plans to assess where these are applicable and require updates the way we do for software on Windows, Mac and RHEL. 

0 Kudos
RDanailov
Flexera
Flexera

Hi @bkelly,

In the SVR product, the ticketing system is not user-specific.
We show the total number of tickets for all users; regardless of their Roles/Groups. Thus, sub-accounts with restricted view to specific queues would anyway see the total number of tickets under root. 

A customer of ours pointed this out and requested us to change this accordingly. 
Ideally, when the user is restricted to a particular view, he should see the ticket count that he has rights to see. 

They have multiple teams who work with different ticket queues. An engineer from one team cannot see the tickets of the other teams by default.  When engineers go to the ticket manager, the number of tickets on the top is very confusing. The ticket number is for all tickets even though the user cannot really see those.

Tagging: @fh_open_ch 



Regards,
Rosen
"To understand where a system breaks, one should think like the person who built it"
0 Kudos
segilbert70
Occasional contributor

@bkelley We migrated to SVM Next last fall and there are some features I really miss from the "on-prem" version. 1. On the Patching Tab, it used to show how many machines/installs were affected by each patch. Now, I have to go back to the Assessment tab or the Dashboard to see that information again. 2. The ability to *see* what paths that the patch would target. How do we know what the cloud version patches are hitting? Do I have to manually add all the paths that come up in Assessment to make sure they are being addressed? 3. DB cleanup was much easier for a large number of hosts. In the cloud, having to manually click and delete thousands of machines at a time (my company does ~3K PC refreshes a month) is a non-starter. (Support has provided me with a script that make it a lot easier, but I can't imagine I am the only one with this issue) Thank you for providing a workaround for the Ideas page missing.

We migrated to SVM Next last fall and there are some features I really miss from the "on-prem" version.

Conversely, would you mind sharing what things about SVM Next encouraged you to move away from SVM 2019 (which is also available in the cloud)?

1. On the Patching Tab, it used to show how many machines/installs were affected by each patch. Now, I have to go back to the Assessment tab or the Dashboard to see that information again.

Some differences in how SVM Next maps patches to assessment make this non-trivial but I understand the request and will consider what might be done to address it. 

2. The ability to *see* what paths that the patch would target. How do we know what the cloud version patches are hitting? Do I have to manually add all the paths that come up in Assessment to make sure they are being addressed?

We automatically include all matching paths, and add default paths too, but as you point out there is no good way to see this in SVM Next.  The Daemon logs have the information, but it is not exposed in the user interface. It can also be found on the WSUS server, but is not easy to see. There are some timing issues in that all paths are not known when a template is created as they are dynamically assigned upon deployment. All this to say it is not as trivial a request as it may seem but will be considered. 

3. DB cleanup was much easier for a large number of hosts. In the cloud, having to manually click and delete thousands of machines at a time (my company does ~3K PC refreshes a month) is a non-starter. (Support has provided me with a script that make it a lot easier, but I can't imagine I am the only one with this issue).

Multi-select would still be onerous, I think a script is the way to go when it comes to large bulk operations. The script is documented and supported. We automatically clean up hosts that have not reported in 90 days, which is the most common ask, beyond this we'll lean on our documented API to handle such operations. 

Thanks again for taking the time to provide this valued input.

0 Kudos
segilbert70
Occasional contributor

Conversely, would you mind sharing what things about SVM Next encouraged you to move away from SVM 2019 (which is also available in the cloud)?

The choice was made by my predecessor, but I believe it had something to do with API capabilities.

 

We automatically clean up hosts that have not reported in 90 days, which is the most common ask, beyond this we'll lean on our documented API to handle such operations. 

Really?  I was not seeing that.  Regardless, between PC refresh, and hot swaps for repairs, we are doing about 3000-4500 change outs a month.

 

 

@segilbert70 

SVM Support Team has several API scripts that can be used to clean up stale hosts from account database in specific cases such as yours is. As the 90 days default cleanup period may come too long to wait for purging stale entries, do feel free to open a support case with us and we will gladly share our API scripts with you, to help you automate cleanup procedures in a more frequent manner. Would this be of any help to you?


Regards,
Rosen
"To understand where a system breaks, one should think like the person who built it"
0 Kudos
mgu_jndata_dk
Occasional contributor

Report enhancement ideas:

-> emailed report should include report name in the email subject

-> attached report zip file should also include report name

-> SVM should be able to send report to an email without providing login credentials

 

 

Great suggestions, thank you!
0 Kudos
henry_kumagai
Occasional contributor

For SVM, the ability to import hosts (or other items) from a list to Smart Groups -- Recently I created a group of 70 hosts. It was a very manual process of 1) searching for a hostname 2) clicking the check box to add to group 3) repeat 69 times.

I would like to create Smart Groups with more hosts, but don't want to do it manually. Importing from a list would make it much easier. The ability to leverage Active Directory security groups or SCCM collections to create smart groups would be awesome too.

ScottDonofrio
Occasional contributor

Idea: Ability to view custom actions by type.

I'd like to submit an idea to enhance the Custom Actions and Sequences view. I have dozens of custom actions, and while they are listed in alphabetical order, it is still hard to find some of them, especially if you don't know or remember what they are named.  A solution to this problem would be to add a custom action filter to view custom actions by type. Since I always know what type of custom action I am looking for, this would be the easiest way to locate it. If I'm looking for a Set Property custom action I should be able to filter only Set Property CA's and they would then display in alphabetical order.

Hi @ScottDonofrio ! Please correct me if I'm mistaken, but this seems like feedback for InstallShield (perhaps as part of AdminStudio) but not Software Vulnerability Manager (SVM). Please confirm and we can move this to the appropriate forum.
0 Kudos

Hi @bkelly 

We've got a user suggestion at the Forums which I wanted to transfer here for visibility purposes.
See https://community.flexera.com/t5/Software-Vulnerability/Software-Vulnerabilty-Manager-SVM-login-user...

I've provided a workaround to the user, but it would be great to have this improved by default. This enhancement relates to allowing users to use best-security practices with SIEM solutions and avoid copied passwords and usernames into the Clipboard/RAM. 

Regards,
Rosen
"To understand where a system breaks, one should think like the person who built it"
0 Kudos