How to check for patches or remediation scripts for assets?

The ThreatWorx platform can now provide specific patch and remediation scripts for all findings reported in the console. These could be code fixes or code diffs for source repository findings, patch scripts for Windows, Linux and other assets, as well as remediation scripts for misconfigurations reported in the console.

In many cases, a finding may have more than one patch or remediation script, depending on the different ways that finding can be remediated. For example, if the finding is related to a container image or app, there could be several ways to patch the container, i.e. change the Dockerfile, apply an OS-level patch, live patch a running container, etc. Wherever possible, the platform will provide these remediation options so the user can choose the appropriate one.

We hope that using this feature, critical issues can be remediated much faster, without having patch teams struggle to find how to patch each finding.

Currently the platform can provide patch and remediation scripts only for findings that are at 100% confidence. Each finding reported by ThreatWorx has a confidence value (1-100) that suggests how sure the platform is of the accuracy of the match for a vulnerability. This helps in eliminating false positives from a user’s view. It is possible to set your own threshold for confidence by changing the value in your Profile section as mentioned here.

To check for patches and remediations for asset(s), you need to start a task by selecting the asset(s) in the “Manage Assets” page.

  1. Using the left floating menu, navigate to Assets —> Manage
  2. Apply the right set of filters or use Search to get to your asset(s)
  3. Select the asset(s) using the checkbox next to the asset name
  4. Click the Asset Actions button on top of the assets table to reveal the options
  5. Click the Check Remediations option in the list, then click Confirm

This will start a task to check for and generate patch and remediation scripts for all findings in the selected asset(s). Depending on the number of findings, these tasks could take a few minutes. You can monitor the progress of your tasks by navigating to Assets —> Active Tasks.

Once these tasks are completed, you can look at each available patch script by navigating to the individual asset and its findings.

For patch scripts:

  1. Using the left floating menu, navigate to Assets —> Manage
  2. Find the asset that you just ran the remediations task for
  3. Click on the asset in the table
  4. Click on the Vulnerable Components tab
  5. Select any finding by clicking on the “Installed / In-use” or “Vulnerable” column in the list of findings. You will see the details of each finding, such as recommended action, priority and priority indicators.
  6. If the finding has patch scripts generated, then you should see a tab named Patch Scripts next to Priority Indicators.
  7. Click on the Patch Scripts tab to reveal all the patches for this finding.

For remediation scripts (for misconfigurations and CSPM issues):

  1. Using the left floating menu, navigate to Assets —> Manage
  2. Find the asset that you just ran the remediations task for.
  3. Click on the asset in the table
  4. Click on the Misconfigurations tab
  5. Reveal the details on a finding by clicking on the Title column of any finding.
  6. If the finding has remediation scripts generated, they will be listed below the details for the finding on the popup.

For code issues:

  1. Using the left floating menu, navigate to Assets —> Manage
  2. Find the asset that you just ran the remediations task for.
  3. Click on the asset in the table
  4. Click on the Code Vulnerabilities tab
  5. Reveal the details on a finding by clicking on the Line # column of any finding.
  6. If the finding has a code fix generated, there will be a tab named Resolution
  7. For dependency vulnerabilities, click on the Vulnerable Components tab
  8. Select any finding by clicking on the “Installed / In-use” or “Vulnerable” column in the list of findings. You will see the details of each finding, such as recommended action, priority and priority indicators.
  9. If the finding has patch scripts generated, then you should see a tab named Patch Scripts next to Priority Indicators.
  10. Click on the Patch Scripts tab to reveal all the ways to remediate this finding.