Lab 10: Vulnerability Patching

Scenario

Security and Operations teams collaborate to maintain system security through vulnerability scans and manual patching, but they are often hindered by tool disparities and misaligned workflows. The SecOps Automation platform automates scanning and patching at scale and provides real-time vulnerability insights. You’ll learn how to use Automation for Secure Hosts (the SecOps add-on for Automation Config) to manage vulnerabilities effectively.

Task A. Create Policy

  1. Click Vulnerability > Policies from the side menu
  2. Click CREATE POLICY button to create a new policy
  3. In the New Policy page:
    • Input the following details
      • Policy name = Vulnerability Assessment for Ubuntu
      • Targets = Ubuntu (the target created in the previous task)
      • Select Not scheduled (on demand)
      • Leave Run assessment on save unchecked
    • Click SAVE button

Task B. Run Assessment

  1. (Optional) Click Vulnerability > Policies from the side menu
  2. (Optional) Locate and click Vulnerability Assessment for Ubuntu to open the policy you created
  3. Click RUN ASSESSMENT on the top right corner
    • In the pop-up dialog
      • Click RUN ASSESSMENT to confirm
  4. Wait until assessment is completed
    • Click Activity tab
    • Click Refresh Icon periodically and wait until status of assessment becomes Completed
    • Click Advisories tab
  5. Examine the vulnerability assessment results
    • Note the numbers of Critical, High, Medium, Low and None

Task C. Remediate

  1. (Optional) Click Vulnerability > Policies from the side menu
  2. In Vulnerability Assessment for Ubuntu policy page
    • Examine the assessment results: Advisory ID, Advisory Title, CVE, CVSS, Minions
    • Check the first advisory
    • Click REMEDIATE to remediate minions that are vulnerable to this CVE
  3. Stay in Vulnerability Assessment for Ubuntu policy page
    • Click Activity tab
    • Click Refresh Icon periodically and wait until status of remediation becomes Completed
  4. Click RUN ASSESSMENT to run the assessment again
    • In the pop-up dialog
      • Click RUN ASSESSMENT to confirm
  5. Stay in Vulnerability Assessment for Ubuntu policy page
    • Click Activity tab
    • Click Refresh Icon periodically and wait until status of assessment becomes Completed
    • Click Advisories tab to view updated vulnerability policy summary

Task D. Check Results

  1. (Optional) Click Vulnerability > Policies from the side menu
  2. (Optional) Locate and click Vulnerability Assessment for Ubuntu
  3. Examine the vulnerability assessment results
    • The number of vulnerabilities should have decreased compared with the first assessment
  4. Click Reports for the Vulnerability Policy Report
    • Examine the updated Vulnerability Summary overview
    • You can download the report in JSON format
  5. Click Vulnerability > Policies from the side menu
    • The page shows an overall summary of all policies
    • Examine the updated Vulnerability Summary, Remediations, Vulnerability trend, and Top Advisories
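The dashboard counts in Task B and the "should have decreased" check in Task D are easier to trust when you diff the two JSON exports yourself, per minion rather than per advisory: a REMEDIATE job can succeed on one minion and fail on another, and an advisory with a missing CVSS score must not be quietly dropped from the totals. The script below is an added example written for this page, not part of the lab or of Automation for Secure Hosts. The report layout (field names advisory_id, title, cves, cvss, minions) is an assumption modelled on the Advisories columns, the sample data is constructed, and the advisory and CVE IDs are placeholders; the severity bands are the CVSS v3.x qualitative ratings.

```python
"""Diff two vulnerability assessment exports per minion (constructed example data)."""
import json
from collections import Counter

# Constructed sample data. The field names echo the Advisories columns on the policy
# page (Advisory ID, Advisory Title, CVE, CVSS, Minions); the real layout of the
# downloaded JSON report is not documented here and is an ASSUMPTION. Adapt the
# field names to whatever the export actually contains. All IDs are placeholders.
BEFORE_JSON = """[
  {"advisory_id": "ADV-001", "title": "example kernel advisory",
   "cves": ["CVE-0000-0001"], "cvss": 9.8, "minions": ["ubuntu-01", "ubuntu-02"]},
  {"advisory_id": "ADV-002", "title": "example openssl advisory",
   "cves": ["CVE-0000-0002", "CVE-0000-0003"], "cvss": 7.5, "minions": ["ubuntu-01"]},
  {"advisory_id": "ADV-003", "title": "example curl advisory",
   "cves": ["CVE-0000-0004"], "cvss": 5.3, "minions": ["ubuntu-02"]},
  {"advisory_id": "ADV-004", "title": "example advisory with no score yet",
   "cves": ["CVE-0000-0005"], "cvss": null, "minions": ["ubuntu-01"]}
]"""

# Constructed re-assessment after REMEDIATE was run on ADV-001: the fix applied on
# ubuntu-01 only (say ubuntu-02 was unreachable), and the same package upgrade also
# closed ADV-002. Remediation is per minion, so the comparison must be per minion.
AFTER_JSON = """[
  {"advisory_id": "ADV-001", "title": "example kernel advisory",
   "cves": ["CVE-0000-0001"], "cvss": 9.8, "minions": ["ubuntu-02"]},
  {"advisory_id": "ADV-003", "title": "example curl advisory",
   "cves": ["CVE-0000-0004"], "cvss": 5.3, "minions": ["ubuntu-02"]},
  {"advisory_id": "ADV-004", "title": "example advisory with no score yet",
   "cves": ["CVE-0000-0005"], "cvss": null, "minions": ["ubuntu-01"]}
]"""

SEVERITIES = ("Critical", "High", "Medium", "Low", "None", "Unscored")


def severity(cvss):
    """CVSS v3.x qualitative rating: None 0.0, Low 0.1-3.9, Medium 4.0-6.9,
    High 7.0-8.9, Critical 9.0-10.0. A missing score gets its own bucket so it
    is not silently counted as None/0.0."""
    if cvss is None:
        return "Unscored"
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def severity_counts(report):
    """Advisory count per rating, the same breakdown the Advisories tab shows."""
    counts = Counter({name: 0 for name in SEVERITIES})
    counts.update(severity(adv.get("cvss")) for adv in report)
    return dict(counts)


def exposures(report):
    """Flatten a report into (advisory_id, minion) pairs."""
    return {(adv["advisory_id"], m) for adv in report for m in adv.get("minions", [])}


def compare_assessments(before, after):
    """Per-minion diff of two assessments: what was fixed, what is still open,
    and what appeared in between (new advisories or newly enrolled minions)."""
    b, a = exposures(before), exposures(after)
    return {
        "remediated": sorted(b - a),
        "remaining": sorted(b & a),
        "new": sorted(a - b),
    }


def still_vulnerable(after, advisory_id):
    """Minions on which a supposedly remediated advisory is still reported."""
    return sorted(m for adv in after if adv["advisory_id"] == advisory_id
                  for m in adv.get("minions", []))


if __name__ == "__main__":
    before, after = json.loads(BEFORE_JSON), json.loads(AFTER_JSON)
    print("before:", severity_counts(before))
    print("after: ", severity_counts(after))
    for key, pairs in compare_assessments(before, after).items():
        print(f"{key}: {pairs}")
    leftovers = still_vulnerable(after, "ADV-001")
    if leftovers:
        print("ADV-001 remediation incomplete on:", leftovers)
```

Point it at the two downloaded reports (one from Task B, one after Task C) instead of the embedded strings; the "remaining" list is the one to hand back to Operations, and a non-empty result from still_vulnerable for the advisory you remediated means the job did not reach every minion and the Activity tab deserves a second look.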

Summary

VMware Automation for Secure Hosts enhances vulnerability oversight and automates patching at scale by:

  • Managing system vulnerabilities using the latest Common Vulnerabilities and Exposures (CVE) entries
  • Providing vulnerability insights through vulnerability summaries and reports
  • Automating comprehensive scanning, patching, and swift remediation for identified vulnerabilities
  • Enhancing security posture through continuous compliance with the latest standards
  • Supporting custom remediation for the most recent vulnerabilities without relying on OS vendor patches