How to Handle Vulnerability Reports with RHEL and Crowdstrike?

0
26
Asked By CloudySkies123 On

Hey everyone! I'm dealing with a situation in my role as a sysadmin where I've got my RHEL 9.7 system running with Crowdstrike installed. My manager keeps seeing countless vulnerabilities flagged every month, and it feels like there's hardly any fix available yet because the tools aren't reporting any patches that correspond to those vulnerabilities. I'm curious how others manage this kind of scenario when the machines are supposedly up to date, yet still getting bombarded by these no-fix alerts. Any advice on how to navigate this would be greatly appreciated!

5 Answers

Answered By PatchItBetter On

Just a heads up, this presence of no-fix vulnerabilities often indicates a failure in vulnerability management. An IT manager typically shouldn't be resolving these deeply technical issues alone. Engaging with security experts to assess and properly address these vulnerabilities would be ideal.

Answered By TechSavvyGuru On

It's important to double-check if those vulnerabilities are genuine or just false positives. Red Hat often backports security fixes, which can confuse many scanners. They might report a vulnerability that’s already been patched in the version you have.

VulnHunter42 -

That's a good point! I'd love to know more about how to check for those backported fixes, especially with regards to OpenSSL.

Answered By CrowdWatchDog On

It's worth mentioning that if Crowdstrike hasn't flagged a fix, then it's likely there's no patch issued by Red Hat yet. Showing your manager the security advisory status ('Affected' vs. 'Fix available') can help clarify the situation.

Answered By SecurityPro89 On

I think the real deal here is validating what the scanners report. They're tools, not foolproof solutions. You have to validate the claims, find out who’s responsible for the vulnerabilities, and get them to acknowledge it. Then, work together to come up with a remediation plan—patch, disable features, or whatever is necessary. This is an ongoing process of checks and balances.

PatchMaster21 -

Absolutely! Once you've nailed down the process, keep digging deeper to find any additional issues down the line.

Answered By CVE_Expert On

Check if the vulnerabilities reported by Crowdstrike are actually fixed with regards to RHEL's versioning. RHEL may backport fixes that some scanners might not pick up. You can look up CVE details on the Red Hat security page to see if there's a fix available, which involves checking against the CVE and their Errata page for updates.

InsiderInfo77 -

Thanks for breaking that down! If a vulnerability has been marked as 'Medium' and hasn't been fixed in over 76 days, does that mean it’s unlikely to be addressed soon?

CodeBreaker99 -

I've definitely printed out CVE write-ups and shared them with my security team to make sure they know what's valid vs. what the scanner claims.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.