About Shoggi

Shoggi · ‎Jul 28, 2022

Great news specially with the tracking option as this was a gap always to know what we did and the status of it 😀

Shoggi · ‎May 24, 2022

Does this also work on the new page with IE11 mode or it have to stay on the legacy one? https://csi7.secunia.com - old https://svm.flexera.com cheers Lukas

Shoggi · ‎Jan 13, 2022

@Howardmp We only deploy all Redhat this Friday the new agent. The 7.6.0.18 was able to find already log4j1.2. We will only see if more comes in after 7.6.0.19 went out. Mac, we not really use and only limited scope. Lukas

Shoggi · ‎Jan 12, 2022

@ChrisG , @cdubs76 , I think our all issue is that log4j 1.x is EOL since 2015. That does not help either to argue always 1.x is secure @logging.apache.org/log4j/1.2/

Shoggi · ‎Jan 11, 2022

@Howardmp Evening, advisory and products in cloud instance will update on 7.6.0.19 agents scanning finding an log4j install and 1.x as EOL and 2.17.x or lower as secure or insecure. cheers lukas

Shoggi · ‎Jan 05, 2022

@Howardmp Hi, you need 7.6.0.19 client for it to enable the log4j scans. The cloud update is done but agent need update to turn it on. Lukas

Shoggi · ‎Dec 16, 2021

SVM can't scan on *.jar files. This way log4j on Windows won't be found. Only RedHat. We had a support ticket on SVM to clarify situation. This way in SVM you would only find it if e. g. IBM issue a CVE to fix their product which contain log4j to a newer version of their platform. If they publish only to change xy config file that won't appear in SVM at all. This way no chance ot use this. We end up to write a script and search for log4j* via SCCM on all our end points and servers and monitor software vendors articles. The tricky part is also the above is an option but if the dll is embedded in their code you won't be able to find it with our above method either.

Shoggi · ‎Dec 13, 2021

Dear team, we try to cover us for above with SVM. We know RedHat is covered in SVM but nothign on Windows OS. We tried to download their sources but there is only *.jar and non of them have a signed certificate etc. What are our options to find insecure apps/services on servers or endpoints on MS OS using SVM? Lukas

Shoggi · ‎Dec 13, 2021

Can we get a statement what SVM supports or does not support in products and detection rules please?

Shoggi · ‎Sep 29, 2021

@bkelly great news on the UI. We would like to see it upfront if possible.

Shoggi · ‎Mar 12, 2021

@bkelly , do I miss anything? Status page have nothing about SVM scheduled. https://status.flexera.com/ and the SVR was only published yesterday. SVM is nothing yet in relation to this enhancement.

Shoggi · ‎Mar 11, 2021

@bkelly , I see SVR was updated. https://community.flexera.com/t5/Software-Vulnerability/SVR-March-2021-Update/ba-p/183720 SVM coming as well 5pm 🙂 so we wait

Shoggi · ‎Mar 11, 2021

Do we have any time when this will be activated on tenant/cloud level? UK time, US time etc?

Shoggi · ‎Jun 04, 2020

HI, not sure when the beta enhancement page will be available to all again. This way going back to the old way of communicate. We have the problem that we installed the Daemon to perform scheduled reports. That is a great option. But we want to export the data e. g. weekly or monthly and keep the previous version. The export option does not support any wildcards in the file name e. g. DD-MM-YYYY or anything which would have a fixed value and a dynamic value. This way we can run the same export scheduled without override on our export source. We end up now to have a scheduled task to move data away which is annoying. Regards Lukas

Shoggi · ‎May 19, 2020

Great to see that you listen to customer voice 🙂 Thanks for approving the enhancement.

Online Status	Offline
Date Last Visited	‎Jan 31, 2023 01:58 PM

Re: SVM July 2022 Update

Re: Flexera SVM and Microsoft Internet Explorer EoSL

Re: SVM December Update for Log4j Detection

Re: Flexera’s response to Apache Log4j vulnerabilities CVE-2021-4104, CVE-2021-45046, CVE-2021-45105...

Re: SVM December Update for Log4j Detection

Re: SVM December Update for Log4j Detection

Re: Identifying Apache Log4j JNDI Vulnerability “Log4Shell” (CVE-2021-44228, CVE-2021-4104)

Security Advisory: Log4j Java Vulnerability (CVE-2021-44228)

Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-44228)

Re: SVM September Update

Re: New and Improved Threat Scores in SVM and SVR

Re: New and Improved Threat Scores in SVM and SVR

Re: New and Improved Threat Scores in SVM and SVR

Re: We Still Want Your Ideas about Software Vulnerability Management Products! - Scheduled Exports -...

Re: Upcoming Changes in the Tracking of the "Microsoft Edge" Product (June 2nd, 2020)

Re: SVM July 2022 Update

Re: Flexera SVM and Microsoft Internet Explorer EoSL

Re: SVM December Update for Log4j Detection

Re: Flexera’s response to Apache Log4j vulnerabilities CVE-2021-4104, CVE-2021-45046, CVE-2021-45105...

Re: SVM December Update for Log4j Detection

Re: SVM December Update for Log4j Detection

Re: Identifying Apache Log4j JNDI Vulnerability “Log4Shell” (CVE-2021-44228, CVE-2021-4104)

Security Advisory: Log4j Java Vulnerability (CVE-2021-44228)

Re: Security Advisory: Log4j Java Vulnerability (CVE-2021-44228)

Re: SVM September Update