1. Root Cause Breakdown

The Root Cause Breakdown section lists vulnerabilities by their underlying causes, enabling users to identify and address issues at the source. The table displays:

• Root Cause: The primary software or configuration issue contributing to vulnerabilities.
• No. of CVEs: The number of Common Vulnerabilities and Exposures associated with each root cause. Each CVE is clickable, providing more details about the specific vulnerabilities.
• Severity: Icons indicate the severity levels (Low, Medium, High, Critical) of vulnerabilities linked to each root cause.
• Workstations and Servers: The number of affected workstations and servers, with clickable icons that lead to detailed lists of impacted devices.
• Total-V: The total number of vulnerabilities across all devices.
• Action: A Patch button for initiating patch deployment to address each root cause. If the Patch button is not visible, it could be due to:
  • The target not being scanned by its local agent.
  • Previous patches applied without a follow-up scan.
  • Unsupported applications for CYRISMA's patch management.

You can filter by All, Third Party, or Windows root causes, helping to streamline the patching process based on environment needs.

2. Scheduling Patches

To schedule a patch:

• Click the Patch button next to a root cause in the Root Cause Breakdown table.
• A top-level date picker allows scheduling of patches across all targets, while individual schedules can also be set per target.
• Note: If a target or agent is offline during the scheduled patch time, the patch will apply when the target resumes operation. Restarts are generally unnecessary unless required by specific applications.

3. Unique CVE Breakdown

The Unique CVE Breakdown chart shows the distribution of CVEs across Workstations and Servers, categorized by severity. While individual CVEs may appear on multiple device types, they are only counted once in the "Total Unique" column.

4. Patch History

Clicking the View Patch History button opens a detailed modal displaying past patch activities. The Patch History modal provides insights into:

• Targets Patched and Success Rate: A summary of successful patch deployments.
• Patch Details Table:
  • Target: The device where the patch was applied.
  • Agent: The scanning agent responsible for patching.
  • Patch Software: The specific application or component patched.
  • Result: The outcome of the patch attempt, such as:
    • Patch Pending: Indicates scheduled patches that have not yet applied, with an option in the Action column to delete the pending patch.
    • Patch Successful or Patch Failed: Allows you to view logs for troubleshooting or confirmation of patch status.
  • Patch By: The user who initiated the patch.
  • Patch Time: When the patch was applied.

For patches in Patch Pending status, you can cancel them via the Action column. For other statuses, such as Patch Successful or Patch Failed, you can access detailed logs to verify patch outcomes or diagnose failures.

The Patch History table is searchable and can be exported as a CSV for record-keeping or reporting purposes.

Conclusion

The Patch Manager is an essential tool for mitigating risks in CYRISMA by addressing vulnerabilities at the root cause. By scheduling and tracking patches and understanding patch history, organizations can enhance their security posture and maintain a detailed log of patching activities across their environments. For further assistance, please contact CYRISMA support.Overview

Root Cause Analysis (RCA) is a critical component of vulnerability management, allowing you to identify and address the underlying issues that lead to vulnerabilities within your systems. This article explains how to navigate the Root Cause Breakdown, view impacted targets, and schedule necessary patches.

Root Cause Breakdown

In the Root Cause Breakdown section, you can gain insights into the vulnerabilities affecting your environment:

Viewing CVEs: By clicking on the number of CVEs (Common Vulnerabilities and Exposures) associated with a particular root cause, you will see a list of all CVEs discovered that are likely linked to this root cause. Each CVE is a clickable link that provides a summary, helping you understand the nature of the vulnerability.

Impacted Targets: To see which workstations or servers are impacted by each root cause, click on the icons in the Workstations and Servers columns within the Root Cause table. This will display a list of affected targets. Each target listed is also a link to a summary of its vulnerability status, allowing for quick assessment.

Scheduling Patches

To address a specific root cause, you have the option to schedule a patch or software update:

• Patch Button: Clicking on the Patch button under the Action column allows you to initiate the patching process.

Reasons for the Patch Button Not Showing

There are several scenarios in which the Patch button may not be available:

Local Agent Requirement: The target must be scanned by a local agent installed on that machine. If the target has an agent but was scanned by another agent, you need to re-scan it from its own local agent before patching.

Previous Patches Applied: If a software update or patch has already been executed, but no new scans have been performed since, the Root Cause list will not update. To refresh the list and determine any additional patching needs, run a new scan after applying the updates.

Unsupported Applications: The root cause may not be associated with an application or patch supported by CYRISMA’s patch management system. In such cases, manual intervention may be required to address the issue.

Conclusion

Root Cause Analysis within CYRISMA provides valuable insights into vulnerabilities and their underlying causes, enabling you to make informed decisions about remediation. By effectively utilizing the Root Cause Breakdown, viewing impacted targets, and scheduling patches, you can enhance your organization’s security posture. If you encounter any issues or need further assistance, please reach out to your support team.