Jul 10, 2020
01:59 AM
Dear all, We are currently using the REST API endpoints of Flexera. The CPE information is useful to identify the exact affected products of an advisory and get these in a normalized /standardized format. Flexera SVR is providing CPE information at the "Advisory" Endpoint but not at the different "product" endpoints. May I ask you to add there this information as well? https://api.app.secunia.com/api/advisories/ https://api.app.secunia.com/api/products/ https://api.app.secunia.com/api/product-fullversion/ https://api.app.secunia.com/api/product-releases/ Thank you regards Mark https://docs.flexera.com/svm/api/Default.htm#helplibrary/API_Introduction.htm
... View more
Jul 10, 2020
01:46 AM
Dear all, I am looking for the additional data and features to get implemented Vendor patch publication date: At which date the vendor has the patch been released, This may sometimes differ from the advisory creation date Change log about the "Solution Status" field Date / Time when Flexera has imported the advisory first time into SVR Both would help to show evidences for audits and regulators in regards to sustainable patch deployments. They often refer to the advisory date but in fact if the patch becomes late available we also are late in the patch deployment. Status log changes would also help here to bring more transparency for audits reviews. Thank you
... View more
Feb 21, 2020
10:16 AM
1 Kudo
It would be helpful if you can search inside SVR with the vendor advisory number. currently it is not possible to search via RedHat Security Advisory Number. You get no results back (RHSA-xxxxx). Search via CVE works but is not as useful as when you can search via the reference number from the vendors Please add this feature, because Red Hat Enterprise Linux is a quite used platform.
... View more
Feb 21, 2020
10:13 AM
1 Kudo
We require to see in SVR which advisories from Microsoft (KBxxxx) or Redhat (RHSA-xxx) has been replaced by a newer one. This is necessary to assess which latest patch for a certain CVE have to be installed rather than installing individual patches. Microsoft wraps up certain patches / advisories into cumulative ones etc. This would be very helful because at the moment our engineering is quite busy with the assessment which KBxxxx is replaced by which KBxxxx . Examples you can get from the link below This information what is replaced by what need to be provided in a structured format i.e. through the REST API as an extension of each security advisory. Example MS Advisory KBxxxxx Thank you
... View more
Latest posts by megloff
| Subject | Views | Posted |
|---|---|---|
| 4220 | Jul 10, 2020 01:59 AM | |
| 4223 | Jul 10, 2020 01:46 AM | |
| 14821 | Feb 21, 2020 10:16 AM | |
| 14822 | Feb 21, 2020 10:13 AM |
Activity Feed
- Posted Re: We Still Want Your Ideas about Software Vulnerability Management Products! - Adding CPE Information to REST API Points on Software Vulnerability Management Forum. Jul 10, 2020 01:59 AM
- Posted Re: We Still Want Your Ideas about Software Vulnerability Management Products! - Vendor Patch Publication Date and Status Change Log on Software Vulnerability Management Forum. Jul 10, 2020 01:46 AM
- Kudoed Re: Have an idea for changing SVM and SVR? The product team wants to hear it for RDanailov. Feb 28, 2020 04:58 AM
- Got a Kudo for Re: Have an idea for changing SVM and SVR? The product team wants to hear it. Feb 21, 2020 10:30 AM
- Got a Kudo for Re: Have an idea for changing SVM and SVR? The product team wants to hear it. Feb 21, 2020 10:30 AM
- Posted Re: Have an idea for changing SVM and SVR? The product team wants to hear it on Software Vulnerability Management Blog. Feb 21, 2020 10:16 AM
- Posted Re: Have an idea for changing SVM and SVR? The product team wants to hear it on Software Vulnerability Management Blog. Feb 21, 2020 10:13 AM
