Remediate your top vulnerabilities

The Top vulnerabilities table on the Vulnerabilities page lists the vulnerabilities that you need to address most urgently. The ranking on this table is based on a combination of risk score and number of network nodes affected.

To remediate a top vulnerability:

  1. On the Remediate Vulnerabilities dashboard Vulnerability overview tab, click the relevant bar in the Top 5 common vulnerabilities chart.
    Information on the selected vulnerability appears in the Vulnerabilities table.
    Tip: Alternatively, sort the Vulnerabilities table by Hosts affected to list the vulnerabilities affecting the greatest number of nodes in the Vulnerabilities table.
  2. Select the vulnerability you want to remediate in the Vulnerabilities table..
  3. On the Vulnerability detail page, review the analysis and remediation information that is displayed for the selected vulnerability.
    • The Analysis section provides you with information on the nature of the vulnerability and the threat it poses.
    • The Remediation section gives practical information on the remediation task you need to carry out to block the threat (where provided by your vulnerability scanner).
  4. In the Nodes affected table, select the nodes to which you want the remediation task to apply.
    Note:

    If Remediate does not have the credentials to apply a task to a node, it is not selectable in the Nodes affected table.

  5. Click Run Task.
  6. On the Select a task page, choose the task you want to run.
    Note: You can only run tasks that are available on all the nodes you selected.
  7. For Puppet Enterprise nodes only, choose the environment where you want the tasks to run in the Environment column.
  8. Click Select this task to proceed.
  9. On the Configure task page, configure the task as required. Instructions on remediation for the selected vulnerability are visible on this page. Click Confirm details when you are done.
  10. On the Select credentials page, select the credentials that allow you to run the task on the selected nodes, and click Confirm credentials.
    Note: If you are running the task solely on nodes where Puppet Enterprise is installed, the Select credentials page is skipped entirely. Credentials are not needed for PE nodes.
  11. On the Review and run task page, verify that the task summary information is correct, and click Run task.

    A confirmation message appears at the top of the page, confirming that the task type that is now running and how many nodes it affects.

    Tip: To view the status of the task run, on the left hand pane, click Latest events.
    Note: The changes made by the task if successful are only reflected here after your next security scan, so don’t worry if you see no updates at this point.