Cisco Secure Endpoint (CSE)
If the Orbital query occurs every 6 hours, why do the Cisco Vulnerability Management connector runs occur every hour?
A scheduled Orbital query has a 6-hour duration, but it sends asset data to the connector as it becomes available. The connector is a batch-based system and “real-time” data collection is not currently possible, so CSE collects the data and processes it when it becomes available during the hourly connector run.
Beyond the list of supported software in Inference, does CSE also bring in vulnerabilities for products that are not listed or supported? If so, is it possible to differentiate between supported and non-supported product vulnerabilities?
Vulnerabilities for products that are not listed or not supported may be returned from Inference. However, there is currently no way to distinguish between supported and non-supported vulnerabilities. This ability may be added in the future.
There are a lot of vulnerabilities from CSE that do not have fixes in Cisco Vulnerability Management. Is this expected, and if so, why does it occur?
Cisco Vulnerability Management has a “Kenna Fix Data” dataset, but it does not have fix data for all vulnerabilities. If there is fix data for a vulnerability, the data is displayed. If no fix data is available, then nothing is returned.
Are there vulnerabilities from non-supported operating systems, apps, or both that come into Cisco Vulnerability Management? If so, can you differentiate between them?
Inference does return vulnerabilities for many non-supported operating systems and applications, but their data quality is unverified and may not be supported by your Service Level Agreement. Unfortunately, there is currently no way to differentiate between them. For the list of supported applications, see the “Supported Applications with Supported Data Quality” section in the Vulnerability Assessment with Cisco Secure Endpoint article.