ZENworks Vulnerability Scanner

Hi Community,

I am hoping to clarify some questions.

Other than upstream CVEs received via the NIST API or a similar mechanism, can the ZENworks Patch Management solution be configured to receive vulnerability scan results via its API from tools such as Tenable Nessus and other dedicated vulnerability assessment tools/solutions? I cannot seem to find this information.

Secondly, how effective is the ZENworks vulnerability assessment of OS and applications compared to Nessus, which uses various plug-ins for discovery? For example, can ZENworks scan the Windows registry? It seems to have a different discovery approach.

Lastly, is the ZENworks Patch Management / Vulnerability solution able to offer a distributed three-tier architecture whereby the endpoint Agents report to an "Intermediary" Manager, which in turn reports to a "Central" Management system (i.e. the "brain" where policy and users are defined)?

{Central Manager}   <----> {Agent Manager} <-----> {Agents}

Best regards,

Dami

  • 0  

    To start at the bottom, the answer would be YES, in that that would be ZENworks itself. The Agents are not stand-alone and report to the ZENworks Primary Servers, and results are stored in the DB. The agents are not stand-alone objects. Third-party devices can query the DB, which holds extensive details, if some other product wants the same information. ZENworks Reporting Server can be used to help generate the required queries for external information.

    In general, for CVEs, ZCM will only report if impacted software is installed and will not analyze the configuration of the software, though administrators could indeed do that on a case-by-case basis if desired, if they owned the full ZCM that allows for deeper dives and creating your own definitions.

    I would recommend not trying to equate what Tenable does with what ZCM does. Very different on so many levels.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0 in reply to   

    Thank you Craig.
    I am not completely clear yet.
    However, now I do understand that ZENworks can only report on a vulnerability with a specific software version it is keeping track of, and it is not particularly actively doing a "whole system" scan.
    Therefore, ZENworks cannot be a like-for-like replacement for Tenable/Qualys vulnerability assessment scanners?

    Secondly, it is not very clear to me from your answer whether ZENworks can receive the scan results (e.g., from Tenable/Qualys) as feeds via API or other means; however, I have inferred it CANNOT do so.

    Lastly, I am also not clear on the distributed / solution for tiered architecture (or deployment) available in ZENworks.
    I am interested in understanding how much the product can scale in a very distributed deployment, say 50 sites (each site having hundreds of workstation clients/servers) with only one instance of a Central Management system.
    In such a deployment, as mentioned earlier, can the Central Manager delegate (or have) an intermediary between the Agent and the "Brain/Central Manager" such that they are reporting (and policy is received) from the "decentralised managers"?

    Thank you.
    Damilola.

  • Verified Answer

    +1   in reply to 

    Correct... It's not "Like for Like". Tenable may show a warning if there is an old ISO file on a system in a downloads folder. ZCM would throw an error if the software on the ISO was installed. Both detection methods have their place.

    In regards to scale, there are customers with 1000s of sites and well over 100K devices. Scaling is not an issue.

    Tenable/Qualys don't work the same... it would not take that feed.

    And keep in mind, I don't claim to be a Tenable expert, but I have worked with remediating Tenable reports from customers using that product. Often false positives due to old stray files on the file system no longer in use. Perhaps the scan was not set to read registry entries, XML settings, etc. to actually know if an issue actually existed. Often software XYZ will have an issue in a very specific non-default value... so we've had to confirm we are not using the specific setting with the issue. Perhaps those generating the reports were not using all available options to minimize false reports.

    The key is not to view these items as the same product... they work very differently.
