Management and Security powered by Landesk

Custom security definitions overview

In addition to the known vulnerabilities that you can update via the Patch and Compliance tool, you can further ensure successful remediation by creating custom, user-defined definitions—complete with custom detection rules, associated patch files, and special additional commands.

Vulnerability definitions consist of a unique ID, title, publish date, language, and other identifying information, as well as the detection rules that tell the security scanner what to look for on target devices. Detection rules define the specific platform, application, file, or registry conditions that the security scanner checks for to detect a vulnerability (or practically any system condition or status) on scanned devices.

You can use custom vulnerability definitions to implement an additional, proprietary level of patch security on your Ivanti system. In addition to enhancing patch security, custom vulnerability definitions let you use the scanning capabilities of the vulnerability scanner to assess system configurations, check for specific file and registry settings, and deploy application updates.

NOTE: Creating custom blocked application definitions
You can also create your own custom definitions for the blocked application type. From the Type drop-down list, select Blocked Applications. Click the New Blocked Application button in the toolbar. Enter an executable filename and a descriptive title for the definition, and then click OK.

Custom definitions don't necessarily have to perform the remediation actions of deploying and installing patch files. If a custom definition is defined with a Detect Only detection rule, or with rules that can only be detected by Patch and Compliance, the security scanner examines the targeted devices and simply reports the devices where the rule's prescribed condition (i.e., vulnerability) is found. For example, you can write a custom Detect Only rule that has the security scanner check managed devices for items such as the following:

Application existence

File existence

File version

File location

File date

Registry setting

For information about creating or importing and exporting security definitions, see the following sections:

Create custom security definitions

Import and export custom definitions

 

