Cortex XDR Vulnerability Assessment - Linux Backporting Security Fixes

Showing results for 
Search instead for 
Did you mean: 

Cortex XDR Vulnerability Assessment - Linux Backporting Security Fixes

L2 Linker

Dear community


When using the Vulnerability Assessment with Linux hosts, the results may include a lot of false positives.

Distributions which are backporting security fixes (CentOS / Debian) do may not change the App Version when they got patched.


"Backporting has a number of advantages for customers, but it can create confusion when it is not understood. Customers need to be aware that just looking at the version number of a package will not tell them if they are vulnerable or not"


"We also supply OVAL definitions (machine-readable versions of our advisories) that third-party vulnerability tools can use to determine the status of vulnerabilities, even when security fixes have been backported."


I didn't see much in the documentation, and I'm not sure if this is "working as expected" or if there is a way to improve the configuration for better detection.





Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!