SaltStack SecOps Vulnerability is a vulnerability remediation solution. It allows Security and IT teams to work together to assess the vulnerability status of your systems against the latest security advisories, including those that reference Common Vulnerabilities and Exposures (CVE). After scanning and detecting advisories, SaltStack SecOps Vulnerability can then remediate any advisory that has an available repair package. You can optionally exempt certain advisories or assets to customize your vulnerability management strategy around other existing security controls.

SaltStack SecOps Vulnerability also supports importing security scans from third-party vendors, and remediating those advisories on impacted assets if a remediation is available. This currently includes imported scans from Tenable, Rapid7, Qualys, and Kenna Security, with a built-in API connector for importing from Tenable.io.

SaltStack SecOps Vulnerability provides various vulnerability reporting options. It includes a quick, printable dashboard view to help assess your vulnerability trend over time. See Protect dashboard for more information. Following a scan, you can access a downloadable list of all detected vulnerabilities, along with their corresponding advisory name, severity, vulnerability score, and affected assets. See Assessment results for more information.

As a SaltStack Config add-on, SaltStack SecOps Vulnerability goes beyond assessment and takes advantage of Salt to actively remediate vulnerabilities, while also giving you full control over what to remediate and when.

Overview of using SaltStack SecOps Vulnerability

This overview describes how to use SaltStack SecOps Vulnerability in the SaltStack Config user interface. However, you can also use it through the API (RaaS). See the API (RaaS) RPC endpoint documentation or contact an administrator for assistance.

The general steps to use SaltStack SecOps Vulnerability are as follows:

  1. Define a security policy. Add the minions you want to target in an assessment and determine the assessment’s run schedule. See Creating a policy for more information.
  2. Scan your systems against the security policy. When running an assessment, the targeted assets are scanned against the latest advisories. SaltStack SecOps Vulnerability also scans for packages that can repair the advisories. When the assessment is complete, SaltStack SecOps Vulnerability displays the current advisories for the targeted nodes and indicates their severity level. See Running an assessment and Updating the vulnerability library for more information.
    Note: As an alternative to running an assessment, you can import a security scan from a third-party vendor into SaltStack SecOps Vulnerability. This includes imported scans from Tenable, Rapid7, Qualys, and Kenna Security, with a built-in API connector for importing from Tenable.io.

    When you import a scan, SaltStack Config matches your minions to the nodes that were included in the scope of the scan. It then lists the advisories identified by your third-party tool. At this point, you can use SaltStack SecOps Vulnerability to remediate the advisories if a remediation is available. See Importing a third-party security scan for more information.

  3. Remediate advisories as needed. In the assessment results, select which advisories to remediate, or remediate by specific minion. During the remediation, all packages that are part of that advisory are applied to the selected nodes. You can remediate all advisories at once, or you can remediate a specific advisory, a specific minion, or a set of minions as needed. See Remediating advisories for more information.
    Note: Remediating advisories on Windows nodes requires additional configuration and remediation steps. See Remediating Windows advisories for more information.
  4. (Optional) Exempt certain advisories or assets from remediation. You can customize your security policy to exclude certain advisories or minions if needed. Exemptions give you the flexibility to balance security compliance against exceptions for your organization’s unique needs. See Adding exemptions for more information.

After remediating an advisory, you must run another assessment to verify the remediation was successful.

Accessing the SaltStack SecOps Vulnerability workspace

To access the Vulnerability workspace, click Vulnerability > Policies in the side menu.

In the Vulnerability workspace, you can view your Vulnerability dashboard. Any security policies you have created will also appear below the dashboard.

Viewing and printing your Vulnerability dashboard

The Vulnerability workspace shows an overview of your Vulnerability activity across your security policies. This dashboard is useful for sharing statuses with others and for assessing your vulnerability management strategy over time.

Your Vulnerability dashboard shows an overview of your vulnerability status. It includes various metrics, as well as a list of known vulnerabilities and details about each. See Protect dashboard for more information about the dashboard’s metrics.

To print your Vulnerability dashboard or to save it to PDF format:

  1. Click Vulnerability > Policies in the side menu.
  2. In your web browser menu, select Print.

Defining SaltStack SecOps Vulnerability permissions

To restrict access to the Vulnerability workspace and its associated tasks, use the Roles editor. See Roles and permissions for more information.

SaltStack SecOps Vulnerability phases

The following articles explain how to complete various tasks in each phase of using SaltStack SecOps Vulnerability: