Zabbix Threat Control: Zabbix vulnerability assessment plugin

Zabbix Threat Control

What the plugin does

It provides Zabbix with information about vulnerabilities existing in your entire infrastructure and suggests easily applicable remediation plans.

Information is displayed in Zabbix in the following format:

  • Maximum CVSS score for each server.
  • Command for fixing all detected vulnerabilities for each server.
  • List of security bulletins with descriptions for vulnerable packages valid for your infrastructure.
  • List of all vulnerable packages in your infrastructure.

Security bulletins and packages information includes:

  • Impact index for the infrastructure.
  • CVSS score of a package or a bulletin.
  • Number of affected servers.
  • A detailed list of affected hosts.
  • Hyperlink to the description of a bulletin.

Sometimes it is impossible to update all packages on all servers to a version that fixes existing vulnerabilities. The proposed representation permits you to selectively update servers or packages.

This approach allows one to fix vulnerabilities using different strategies:

  • all vulnerabilities on a specific server;
  • a single vulnerability in the entire infrastructure.

This can be done directly from Zabbix (using its standard functionality) either on the administrator command or automatically.

How the plugin works

  • Using Zabbix API, the plugin receives lists of installed packages, names and versions of the OS from all the servers in the infrastructure (if the “Vulners OS-Report” template is linked with them).
  • Transmits the data to Vulners
  • Receives information on the vulnerabilities for each server.
  • Processes the received information, aggregates it and sends it back to Zabbix via Zabbix-sender.
  • Finally, the result is displayed in Zabbix.

Installation && Tutorial

Copyright (C) 2018 vulnersCom

Share