Centralized User Management
Do I have to prepare my environment for the implementation of central authentication?
No, the centralized user management for storage doesn’t require you to perform any actions in your environment. All you have to do is ensure that your users log in at least once in the next 12 months (by June of 2025). If they don’t sign in during the next 12 months, the next time that they do sign in, they will be prompted to change their password.
My company uses SSO, does anything change for my users?
For SSO customers, Cisco Vulnerability Management will continue to store credentials (such as email and password for non-SSO customers). SSO customers will continue to operate as they do now: Cisco Vulnerability Management will receive and process the cryptographically verified responses from your SSO providers and use them to identify which user has been authenticated. No SSO response data is stored in either version of the authentication services that Cisco Vulnerability Management uses.
Cisco Secure Endpoint (CSE)
If the Orbital query occurs every 6 hours, why do the Cisco Vulnerability Management connector runs occur every hour?
A scheduled Orbital query has a 6-hour duration, but it sends asset data to the connector as it becomes available. The connector is a batch-based system and “real-time” data collection is not currently possible, so CSE collects the data and processes it when it becomes available during the hourly connector run.
Beyond the list of supported software in Inference, does CSE also bring in vulnerabilities for products that are not listed or supported? If so, is it possible to differentiate between supported and non-supported product vulnerabilities?
Vulnerabilities for products that are not listed or not supported may be returned from Inference. However, there is currently no way to distinguish between supported and non-supported vulnerabilities. This ability may be added in the future.
There are a lot of vulnerabilities from the CSE that do not have fixes in Cisco Vulnerability Management. Is this expected, and if so, why does it occur?
Cisco Vulnerability Management has a “Fix Data” dataset, but it does not have fix data for all vulnerabilities. If there is fix data for a vulnerability, the data is displayed. If no fix data is available, then nothing is returned.
Are there vulnerabilities from non-supported operating systems, apps, or both that come into Cisco Vulnerability Management? If so, can you differentiate between them?
Inference does return vulnerabilities for many non-supported operating systems and applications, but their data quality is unverified and may not be supported by your Service Level Agreement. Unfortunately, there is currently no way to differentiate between them. For the list of supported applications, see the “Supported Applications with Supported Data Quality” section in the Vulnerability Assessment with Cisco Secure Endpoint article.
Vulnerabilities
When new vulnerabilities are created, why are their notes fields already populated?
This occurs because when new vulnerability records are imported, any notes associated with the asset are copied to the new vulnerability.