Filtering software by vulnerability in Fleet

Introduction

Fleet has introduced a powerful new feature that allows you to filter software by its associated vulnerabilities, helping you prioritize patches more effectively. Whether you're managing hundreds or thousands of software titles, this feature makes it easier to identify and address the most critical vulnerabilities in your environment.

This filtering capability is particularly useful in environments where patch management is critical to your security posture. By filtering software based on vulnerability severity and known exploits, you can first ensure that the most critical issues are addressed, enhancing your overall security strategy.

Prerequisites

• Fleet version 4.56 or later
• Premium users have access to advanced filters by severity level and known exploited vulnerabilities

Filtering software by vulnerability

1. Navigate to the Software page: In your Fleet dashboard, go to the Software tab. This will display a list of all the software detected in your environment.

2. Filtering by vulnerability name: You can use the search bar to filter software by its name or by a CVE vulnerability name associated with it.

3. Add filters: Click on the Add Filters button. This will open options for filtering the software list based on specific criteria.

4. Choose severity level: From the dropdown menu, select the Severity level of vulnerabilities you're interested in. This allows you to focus on software with the highest severity of vulnerabilities, such as "Critical" or "High."

5. Toggle "Has known exploit": You can refine your filter by toggling the Has known exploit option. This will filter the software list to show only those with vulnerabilities that have known exploits, enabling you to prioritize these for patching.

6. Review filtered results: Once you've applied your filters, the software list will update to show only the software that meets your criteria. This filtered view will help you prioritize which software needs immediate attention in your patching strategy.

Filtering software by vulnerability on the Host details page

In Fleet version 4.66 or later, the same vulnerability filtering functionality is available on the Host details page. To access this:

1. Navigate to the Hosts page: In your Fleet dashboard, go to the Hosts tab.

2. Select a host: Click on a particular host to view its details.

3. Access the Software tab: On the Host details page, click on the Software tab. This will display a list of all software detected on the host.

4. Filter software: Follow steps 3 through 6 from the previous section to filter software by severity, known exploit, etc.

Using the REST API to filter software for vulnerabilities

Fleet provides a REST API to filter software for vulnerabilities, allowing you to integrate this functionality into your automated workflows. You can use the REST API documentation for vulnerabilities to get started, and the get host's software endpoint to retrieve software information for specific hosts.

Conclusion

The new software filtering feature in Fleet makes it easier than ever to manage vulnerabilities in your software environment. You can better protect your organization from potential threats by prioritizing patches based on severity and known exploits. Explore the API capabilities to integrate this feature into your broader security workflows.

For more tips and detailed guides, don’t forget to check out the Fleet documentation.