In This Space

Armor Knowledge Base  /  Release Notes  

Rapid7 Vulnerability Scanning for Armor Complete - FAQs

Review the following Frequently Asked Questions (FAQs) to learn about the patching and vulnerability scanning updates for Armor Complete users. 

In short, what is changing?

On September 4, 2019, in relation to AMP 2.63, Armor Complete users will now utilize a new vulnerability scanning service provided by Rapid7. 


What does this new service provide?

Every week, a new scanning report will display in AMP. You can review the details of this report to view which vulnerabilities have been detected in your environment. With this information, you can perform your own patching and other troubleshooting activities.  

Every week, a new report will be displayed and accessible from the Vulnerability Scanning screen. 

When you select a report, you can view details based on affected virtual machines, or based on detected vulnerabilities. 

You can select a detected vulnerability to view patching information. 

What will happen to the existing Patching screen? 

The Patching screen will be deprecated and replaced by the newly launched Vulnerability Scans screen. 

The Vulnerability Scans screen will provide a more useful security experience, including:

  • Detailed information about detected vulnerabilities
  • Instructions for remediation
  • Confirmation of successfully applied patches 


With this new experience, why am I seeing more vulnerabilities than previously reported on the deprecated Patching screen?

The deprecated Patching screen was dedicated to reporting outstanding OS patching information. 

The replacement experience (powered by Rapid7) not only reports the same information, but also provides insight into vulnerabilities detected against applications running on the same machine, along with richer details, including an overview of the vulnerability, references, and path to remediation.


Who is responsible for remediating the vulnerabilities reported in the new experience?

As noted in the Armor Complete Shared Responsibility document, both Armor and the customer are responsible, depending on the type of vulnerability:

  • Armor: Responsible for OS-level patching for using pre-defined schedules (ex: WSUS schedules for Windows machines).  For example, a Microsoft-reported Windows patch would fall into this category. To learn the schedule for particular virtual machines or make adjustments, please contact Armor Support. 
  • Customer: Responsible for application-level patching on each virtual machine.  For example, a vulnerability for Adobe Flash or Microsoft SQL Server would fall into this category


How does the new experience determine the severity of detected vulnerabilities? For example, what is the difference between Critical vs. High?

The Vulnerability Scans screen also displays severity levels for each detected vulnerability. A severity is assigned to a vulnerability based on the Common Vulnerability Scoring System (CVSS). CVSS is the accepted system to rate the severity status of a vulnerability. To learn more, please see the National Vulnerability Database website. 

More information on how CVSS's scores correspond to severities displayed in the Armor Management Portal (AMP), review the Vulnerability Scanning (Armor Complete) documentation. 


What is the cost associated with this new vulnerability scanning service?

There is no charge. This service will be included as a default service to all Armor Complete users. 


Will the previous vulnerability scanning service (Coalfire Navis) be deprecated or removed?

No. For Armor Complete users subscribed to Coalfire Navis, that service will continue to operate. In AMP, on the Vulnerability Scanning screen, there will be two tabs available for these two vulnerability scanning options: Compliance (for Coalfire Navis) and Vulnerability Scans (for Rapid7). 


Why are both vulnerability scanning options being offered together?

Each option provides a different service; with Coalfire Navis, you receive compliance-related features, and with Rapid7, you receive detailed vulnerability reports with patching-related information. 


CompliantReportsFreeConfigure / schedule a scan
Navis CoalfireYesNoNoYes
Rapid7NoYesYes

No

The reports are scheduled to compile results every Sunday at 10pm, local server time.


How do I add this new vulnerability scanning service to my account?

With this release, Vulnerability Scanning (with Rapid7) has already been added to your account, with a report already generated. You can access the Vulnerability Scans tab in the Vulnerability Scanning screen to view a report. 


Do I need to update my firewall rules? 

No. To accommodate this service, Armor has already updated firewall rules for Armor Complete users. 


Will any APIs be removed? 

Yes. The following APIs will be deprecated:

  • Get Packages Status
  • Get Packages 

The Armor Knowledge Base will be updated to reflect these API changes. 

Will any new APIs be introduced? 

While new APIs have not been created, Armor Complete users can now utilize APIs that were previously specific to Armor Anywhere users:

  • Get Vulnerability Scans
  • Get Vulnerability Scan Reports
  • Get Vulnerability Scan Details for a Report
  • Get Vulnerability Scan Details for a Vulnerability
  • Get Vulnerability Scan Report
  • Get Vulnerability Scan Date 
  • Get Vulnerability Scan Statistics 
  • Get Vulnerability Scan Statistics for a Report
  • Get Vulnerability Scan Scoring Details 
  • Get Vulnerability Scans Data for Affected Virtual Machines

To learn more, review the Vulnerability Scanning APIs in NOT PUBLISHED Security API Calls


What other changes will take place after the Patching screen is deprecated? 

  • While the Patching screen will remain visible in AMP, if you click on Patching, you will be redirected to the newly released Vulnerability Scanning screen. 
  • The Get Overvall Security Status API call (/core/security-dashboard/stats/overall) will be updated. In the return, the following patching-related values will return as null: 
    • osPatchingOkStatus
    • osPatchingWarningStatus
    • osPatchingCriticalStatus
  • The following Armor API calls will initially be retired, and then deprecated: 
    • GET /core/packages/{coreInstanceId} 
    • GET /core/packages/counts 
    • GET /core/packages/gettotalstatus 
    • GET /core/packages/pending 
    • GET /core/packages/status 
    • POST /core/packages/ 
    • POST /core/packages/installed 
    • POST /core/packages/updatecount 
    • POST /core/packages/updates 
  • In a future release, the Armor Agent will be updated to remove any remaining patching functionality from corresponding machines. 




Was this helpful?
Your Rating:
Results:
1 Star2 Star3 Star4 Star5 Star
1 rates

  • No labels

This page has no comments.