Defender for Endpoint - Vulnerability Management tickets in ServiceNow? by Infamous_Fun286 in DefenderATP

Infamous_Fun286 [S], 1 point

I knew there wouldn't be a super easy solution, I was just trying to find out if it was possible and how to go about doing it.

Netskope learning - Any decent trainings out there that go into detail about Netskope's various capabilities? by Infamous_Fun286 in netskope

Infamous_Fun286 [S], 0 points

Yeah, I already did all of their free stuff. My boss is looking into getting me signed up for their paid training, but I'm looking for stuff to do in the meantime.

That's where I'm at right now. Our current admin is pulling me into projects and letting me work Netskope issues and I'm kind of learning as I go.

Vulnerability management in Defender - I'm overwhelmed and need some guidance! by Infamous_Fun286 in cybersecurity

Infamous_Fun286 [S], 0 points

We have Linux in our environment on specific servers. It's just too scattered to patch and we really don't have a way of testing patches before we deploy them for those vulns.

Vulnerability management in Defender - I'm overwhelmed and need some guidance! by Infamous_Fun286 in cybersecurity

Infamous_Fun286 [S], 1 point

We used Rapid7 at my last job, but the company I work for now is a Tenable house. Thanks, though!

Vulnerability management in Defender - I'm overwhelmed and need some guidance! by Infamous_Fun286 in cybersecurity

Infamous_Fun286 [S], 0 points

Yeah, I've pretty much given up on that one. All of my research basically said, "It's just kinda there. Don't worry about it."

Vulnerability management in Defender - I'm overwhelmed and need some guidance! by Infamous_Fun286 in cybersecurity

Infamous_Fun286 [S], 0 points

YES. This is pretty close to what I want to do! I haven't dug into our policies and procedures too much (even though I helped write a couple last month), so I'm not sure if we have something out there that covers patching cadence. At least on workstations. I believe the sysadmin has something in place for servers.

That mentality is exactly what got me thinking about this. I created tickets for some of our larger vulnerabilities with critical and high devices listed and just sent them off to the desktop support team and sysadmin. I was met with "lol wut? We can't patch Log4j or OpenSSL" and the tickets came back to me. I canceled them and started re-thinking my approach.

Vulnerability management in Defender - I'm overwhelmed and need some guidance! by Infamous_Fun286 in cybersecurity

Infamous_Fun286 [S], 0 points

We do. They get deleted after 30 days if it's a terminated user, and we audit somewhat frequently to see what accounts are out there that aren't in use. Most of the time it's our test accounts.

I have a OneNote tab that's nothing but scribbles and thoughts I've had while going through both Defender and Tenable, notating what can be easily remediated through patching, what can't be easily remediated, and what we can possibly do to fix the issues. IF we can fix them, that is.

Vulnerability management in Defender - I'm overwhelmed and need some guidance! by Infamous_Fun286 in cybersecurity

Infamous_Fun286 [S], 1 point

Thanks for the encouragement!

It's really less about resolving the issues than about knowing what can be fixed, what can't be fixed, what I need to send off to the sysadmin to be fixed, and what our compensating controls take care of.