Using Automox Vulnerability Sync

To organize vulnerabilities into Automox tasks, follow these steps:

  1. Download a CSV-formatted vulnerability report from your third-party vulnerability scanner. Refer to Exporting Vulnerability Scanner Reports.
    The report must identify hostnames and CVE IDs. Be sure to apply relevant filters, because there is a file-size limit of 1 GB.
    Note: Automox creates a separate task for each CVE ID.
  2. Click Manage to navigate to the System Management landing page and click View Pending. This opens the list of pending tasks.

  3. Click Add Task and upload the CSV file that was downloaded from the vulnerability scanner. If Automox determines the size of the file is acceptable, a confirmation shows that the file is accepted without errors and prompts you to click Next. A message then shows that it is processing the CSV. Click Finish.


  4. From the Imported Batches tab you can follow the mapping process of the uploaded CSV file.
    The mapping process is asynchronous and will take time to discover hostnames and any CVEs that they are impacted by. A sync is complete once it shows as Awaiting Approval. Each CSV file has its own row and when the file completes processing, it is highlighted.


    Table Column | Description
    CSV Name | Name of the CSV file that was uploaded
    Queued By | Email address of the user who uploaded the file
    Impacted Devices | Number of devices impacted by the task
    Status | Possible values:
    • Awaiting Approval
    • Rejected
    • Approved
    • Building
    • Error

  5. From the Imported Batches tab, click the CSV file name to open the results page. The Tasks Pending Creation tab outlines all of the tasks to be created (each one is a separate CVE).

  6. Before creating any tasks, review the separate tab titled Potential Issues that highlights any issues with the data that Automox has ingested.

    Table Column | Description
    Device | Name of the device with potential issues
    Hostname | Permanent device name
    Private IP | IP address of the device
    CVE | Name of the CVE
    Issue Type (hover over description for more information) | Possible values:
    • CVE not found: Automox doesn't have data on the CVE ID in question, the CVE is out of date/superseded by a different CVE, or it is associated with a macOS vulnerability or third-party app that we don't currently support.
    • Hostname not found: Automox was unable to find a match for the hostname in the report. Check if the Automox agent is deployed on the device.
    • Duplicate hostname: Two or more of the same hostnames were found. Automox will apply packages to all duplicated hosts. Ensure that hostnames are unique.

    After you have reviewed the issues tab, you can move on to the next step and create tasks.
  7. From the Tasks Pending Creation tab, you can either create tasks, reject the batch, or cancel and return to the list of batches. To create tasks, click Create Tasks to add tasks to the Tasks page.


  8. From the Tasks page, click the task name to open the task details page. From here you can run the task, reject the task, or export a detailed CSV. Click Run Now.

    When the task is initiated, commands are immediately sent to all impacted devices. If reboots are required, these happen without notification or deferral options.

  9. You can export a detailed CSV of all impacted devices. Note: This is available for tasks in any status.
    The export includes the following:
    • Hostname
    • Custom Name
    • Device ID
    • Patch Status
    • Error Message
    • Private IP
    • Public IP
    • Time Initiated
    • Time Completed
    • Patch Completed (identifies the CVE)
    • Package Version ID
    • Software
             
  10. At any point you can view a summary page of a task that is in progress. Click the task name from the Tasks page to review real-time, device-level reports. Commands time out after the device has been unreachable for 24 hours, which results in a patch failure. As noted previously, detailed device reports for a given task are available in any status (Pending, In Progress, Executed, Rejected).


  11. You can reject a task that represents work that will not be done. Rejected tasks remain on the Tasks page indefinitely with the appropriate status. If you decide to run that task in the future, you have to re-import the CSV, create the tasks, and run them. This function primarily serves cases where a CVE or package is obsolete, or where an admin has determined the work will not be done.
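
A pre-upload check for the export described in step 1, written for this page as an added example (it is not Automox code). It checks the 1 GB limit, confirms the hostname and CVE columns exist, and counts the distinct CVE IDs, each of which becomes a task. The column names `Hostname` and `CVE`, the decimal reading of 1 GB, and the sample rows are assumptions.

```python
import csv
import io
import re

MAX_BYTES = 1_000_000_000  # page states 1 GB; decimal GB assumed (stricter reading)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")  # standard CVE ID syntax

# Constructed sample export; hosts and CVE IDs are made up for illustration.
SAMPLE = (
    "Hostname,CVE,Severity\n"
    "web-01,CVE-2023-1234,High\n"
    "web-01,CVE-2023-5678,Medium\n"
    "db-01,cve-2023-1234,High\n"
    ",CVE-2022-0001,Low\n"
    "app-02,N/A,Info\n"
)


def precheck(stream, size_bytes, host_col="Hostname", cve_col="CVE"):
    """Summarise a scanner export before upload (column names are assumptions)."""
    reader = csv.DictReader(stream)
    headers = reader.fieldnames or []
    report = {
        "size_ok": size_bytes <= MAX_BYTES,
        "missing_columns": [c for c in (host_col, cve_col) if c not in headers],
        "bad_rows": [],  # CSV line numbers with no hostname or no valid CVE ID
        "tasks": 0,      # distinct CVE IDs; the page says each becomes one task
        "hosts": 0,      # distinct hostnames named in usable rows
    }
    if report["missing_columns"]:
        return report
    cves, hosts = set(), set()
    for row in reader:
        host = (row[host_col] or "").strip().lower()  # case-insensitive match assumed
        cve = (row[cve_col] or "").strip().upper()
        if not host or not CVE_RE.fullmatch(cve):
            report["bad_rows"].append(reader.line_num)
            continue
        cves.add(cve)
        hosts.add(host)
    report["tasks"], report["hosts"] = len(cves), len(hosts)
    return report


if __name__ == "__main__":
    # For a real export: precheck(open(path, newline=""), os.path.getsize(path))
    print(precheck(io.StringIO(SAMPLE), len(SAMPLE.encode())))
```

Because running a task sends commands to every impacted device immediately, the `tasks` and `hosts` counts give a quick sense of scope before the batch is approved.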