Flexera Software Vulnerability Manager (seen sometimes abbreviated as SVM) includes many features and one of these features is providing a curated list of patches for thousands of apps along with their vulnerability scores. In Workspace ONE UEM, you can view, validate, and assign managed, Windows 10 apps according to their score as reported by Flexera Software Vulnerability Manager.

Requirements

  • Use Flexera Software Vulnerability Manager v7.6.1.16 or 2021 R1.
  • Use Workspace ONE UEM console v2101 or later.
  • Use Windows 10 devices that are enrolled with Workspace ONE UEM and also have the Flexera Software Vulnerability Manager agent running.
  • Use SVM Patch Daemon v5.0.381 or later.

How Do You Configure Integration?

Configure your SVM Patch Daemon and work with desired apps in Workspace ONE UEM.
  1. Configure the SVM Patch Daemon with your Workspace ONE UEM credentials.
    1. Start the SVM Patch Daemon and select the Workspace ONE tab.
    2. Enter your Workspace ONE UEM instance credentials.
    3. Select the type of authentication.
    4. Provide the REST API key for the tenant hierarchy where you want to publish the patches.

      The SVM Patch Daemon displays a list of Workspace ONE UEM organization groups.

    5. Select the applicable Workspace ONE UEM organization group for your integration.
    6. Test the connection and validate the logging level on the SVM tab.
  2. Identify and publish vulnerabilities in Software Vulnerability Manager.
    1. In Software Vulnerability Manager, review the critical patches in the SPS section or in the Vendor Patch module.
    2. Identify the vulnerability to patch, and right-click the selection to create a package.
    3. Configure the packaged vulnerability with the package wizard. Select Patch Daemon as the publishing mode.
    4. Publish the package and monitor its status on the Patch Deployment Status page.
    5. Confirm the Workspace ONE environment details.
  3. View, validate, and assign apps in Workspace ONE UEM.
    Note: Consider pushing to a device test group before pushing this integration to production devices.
    1. In the Workspace ONE UEM console, go to Resources > Apps > Native and select the app type to see the apps List View.
    2. Filter the List View using the Flexera SVM attribute to see the app with its assigned criticality (vulnerability score).
    3. Validate the metadata for the app. The metadata includes installation contingencies and detection criteria converted from the app's applicability rules in Software Vulnerability Manager.
    4. Add flexible deployment assignments to the app to push to devices. The integration installs the Flexera SVM app to only those devices that match the metadata (converted applicability rules).