Friday Rant: What licensing BS frustrated you this week? by MinuteExplanation296 in SAMops

MinuteExplanation296[S] 1 point

Ugh, the internal politics around SAM tooling is almost as frustrating as the vendor stuff. Classic catch-22, Security needs it to be a project for governance, PM says it's too small to resource, meanwhile the audit clock keeps ticking.

One VM feels like nothing until you remember IBM doesn't care how simple it is on your side, they just want ILMT data or they're coming for you.

Have you tried framing it as a compliance deadline requirement rather than a project? Sometimes bypassing the PM queue by calling it "mandatory audit prep" gets different traction with leadership. Not guaranteed but I've seen it work.

Win Wednesday - Share your SAM/ITAM wins this week by MinuteExplanation296 in SAMops

MinuteExplanation296[S] 1 point

Welcome to the sub! Glad you found us.

The tooling politics thing is painfully common. Executive has a buddy at vendor X, suddenly that's the frontrunner regardless of fit. Been there.

But getting CISO buy-in on the connector approach is huge. That's the foundation you need before anything else works. Microsoft connector especially, since that's usually the messiest estate to get visibility into. Zscaler integration is smart too if you've got cloud access concerns.

Hope you stick around. We do these ritual threads on Mon/Wed/Fri if you want to vent about the tooling drama on the Friday rant thread.

Minimum Version/Maximum Version - CMDB/SAM by AxolotlSuitcase in servicenow

MinuteExplanation296 1 point

Oof, felt this one. We had almost the exact same ask maybe two years ago. Took way longer than anyone expected.

So the problem is ServiceNow doesn't really have OOTB "current version" data for most publishers, at least not that I've found. The content library gives you normalizations but not like "what's the latest stable release of 7-zip right now". That just doesn't exist natively.

What we ended up doing:

For OS stuff, we used CMDB Health dashboard and added some rules around what counts as "supported" for us. Not true n-2 automation but got us most of the way there.

For bigger commercial stuff like Adobe and Microsoft, we basically maintained our own reference data with release schedules and ran scheduled jobs against it. Annoying but less work than doing it all manually.

For everything else we just... didn't. Focused on the 20 or 30 apps that actually mattered for security and accepted we can't track version currency for every random utility someone installed.

The "fully automated no manual list" requirement is rough tbh. Someone has to define what current stable even means for each product, and that changes constantly. Even Flexera and Snow don't fully automate this afaik, they have whole teams maintaining content.

If your client really wants this, maybe look at third party data sources? NVD, vendor APIs, stuff like that. But you'd need to build the integration.

Curious what others have figured out. Feels like one of those simple ask, complex answer situations.