The Vulners team has finally released its own official Splunk plugin. Why run a SIEM plus a separate scanner console when you can get by with one product less?
Many companies run several vulnerability-management products, each with its own console and interface. Vulnerability scanners are an important part of the ongoing information security process, but the Vulners plugin for Splunk spares your eyes from scrolling through piles of scanner consoles: the vulnerability data for your Linux hosts lands in the SIEM you already watch.
Anyone can install the free version of the Splunk plugin: https://splunkbase.splunk.com/app/5146
Let’s start testing!
The need to install patches, especially security updates, is mentioned often and in many places. Entering "Patch Management Policy" into any search engine returns about 100 million results, and the first active discussions can be traced back to 2006. In early 2007, SANS published a paper called "Patch Management: Part of standard operations", which explains quite clearly what patch management is and why it is needed.
Moreover, it does so in language that is accessible not only to a technical specialist but also to a manager who is far from the subject. The more recent "NIST Special Publication 800-40 Revision 3, Guide to Enterprise Patch Management Technologies" dates from 2013 and still stresses the need to apply critical updates. Likewise, ISO/IEC 27001:2013 contains control A.12.6, "Technical vulnerability management", whose stated objective is to prevent the exploitation of detected technical vulnerabilities.
Practice shows that many problems could be avoided by building a vulnerability management process. Vulnerability management is a basic need of any company, and a huge number of recommendations and manuals on preventing disasters of every size have already been written.
Timely updating of Linux systems is very important!
One simple and well-known example is the Dirty COW vulnerability, CVE-2016-5195. The bug was present in the Linux kernel from 2007 until it was fixed in October 2016: a race condition in the copy-on-write handling of private read-only memory mappings lets a local user write to files that should be read-only for them and thereby escalate privileges.
On our page for this vulnerability you can find plenty of news about its exploitation in the wild as well as ready-made exploits. In our digests we also publish information about new serious vulnerabilities in Linux systems and other products.
Using Vulners plugin
The plugin is available for both the free and the commercial Splunk editions. The Vulners team has prepared a promo video with detailed installation instructions:
After successful installation, the following dashboard is available from your Splunk console:
More about usage:
By default the forwarder sends the list of installed packages hourly and immediately after a restart. To see the collected packages, run a search over that data.
The Vulners application runs the audit script automatically at 9 o'clock in the morning. Alternatively, you can run the saved search by hand:
| savedsearch vulners_report
If you use the free version with 20-30 servers, a daily audit (one API request per day) is enough. You can always adjust the audit schedule to fit your environment and audit your Linux systems as often as your plan allows.
If you have any questions after testing the plugin, you can contact us.
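To make the two steps above concrete, here is an added example (not the Vulners plugin's own code) of what the hourly collection and the daily audit work with. The script gathers the installed-package inventory the way a Splunk scripted input would, emits one key=value event per package for the forwarder, and shapes the same inventory into the body of a Vulners-style package audit request. The audit body layout ({"os", "version", "package"} with rpm packages as name-version.arch and deb packages as "name version arch") is an assumption taken from the public Vulners v3 audit API as documented at the time of writing; the hostname, the sample command output and the event field names are constructed for the example, and nothing is sent over the network.

```python
"""Collect a Linux package inventory for Splunk and shape it for a
Vulners-style audit. Added example, not the Vulners plugin's own code.
Request field names and package string formats are an assumption based
on the public Vulners v3 audit API; sample outputs below are constructed."""
import socket
import subprocess
import time

# Constructed sample of /etc/os-release on a Debian 9 host
SAMPLE_OS_RELEASE = ('PRETTY_NAME="Debian GNU/Linux 9 (stretch)"\n'
                     'NAME="Debian GNU/Linux"\nVERSION_ID="9"\nID=debian\n')
# Constructed sample of `dpkg-query -W -f '${Package} ${Version} ${Architecture}\n'`
SAMPLE_DPKG = "libc6 2.24-11+deb9u1 amd64\nopenssl 1.1.0f-3+deb9u2 amd64\n"
# Constructed sample of `rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'`
SAMPLE_RPM = "glibc 2.17-157.el7_3.1 x86_64\nkernel 3.10.0-514.el7 x86_64\n"

RPM_FAMILY = ("centos", "rhel", "fedora", "ol", "amzn")


def parse_os_release(text):
    """Return (ID, VERSION_ID) from os-release content; values may be quoted."""
    fields = {}
    for line in text.splitlines():
        if "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip().strip('"')
    return fields.get("ID", ""), fields.get("VERSION_ID", "")


def parse_packages(text):
    """Parse 'name version arch' lines into (name, version, arch) tuples.
    Blank or malformed lines are dropped rather than shipped upstream."""
    packages = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            packages.append(tuple(parts))
    return packages


def package_strings(os_id, packages):
    """Render packages in the form the audit expects (assumption): rpm hosts as
    name-version.arch, deb hosts as 'name version arch'."""
    if os_id in RPM_FAMILY:
        return ["%s-%s.%s" % p for p in packages]
    return ["%s %s %s" % p for p in packages]


def build_audit_request(os_id, version, packages):
    """Body for a daily audit request; one call covers the whole host."""
    return {"os": os_id, "version": version,
            "package": package_strings(os_id, packages)}


def splunk_events(host, os_id, version, packages, ts=None):
    """One key=value line per package, the shape a scripted input emits hourly."""
    ts = int(time.time()) if ts is None else ts
    return ["ts=%d host=%s os=%s os_version=%s package=%s version=%s arch=%s"
            % (ts, host, os_id, version, n, v, a) for n, v, a in packages]


def collect_live():
    """Run the real package manager on this host (only when run as a script)."""
    with open("/etc/os-release") as f:
        os_id, version = parse_os_release(f.read())
    if os_id in RPM_FAMILY:
        cmd = ["rpm", "-qa", "--queryformat", "%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n"]
    else:
        cmd = ["dpkg-query", "-W", "-f", "${Package} ${Version} ${Architecture}\n"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return os_id, version, parse_packages(out)


if __name__ == "__main__":
    # As a Splunk scripted input: print the hourly inventory events to stdout.
    os_id, version, pkgs = collect_live()
    for event in splunk_events(socket.gethostname(), os_id, version, pkgs):
        print(event)
```

The hourly events and the daily audit body are built from the same parsed inventory, which is the point of the split the plugin makes: collecting packages is cheap and local, so it can run often, while the audit is the API call that is rationed on the free plan.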
You are welcome!
Feedback -> here