Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Is there a database of the signatures held

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
CSI

This thread has been marked as locked.
rattyryan Is there a database of the signatures held
Member 1st Oct, 2013 15:56
Ranking: 0
Posts: 3
User Since: 1st Oct, 2013
System Score: N/A
Location: UK
Hi. I am trying to find all the applications in use within my company that have reach their End of Life (End of supported./life) and have come across Secunia. The thing is I just have a spreadsheet with application name and version. Is there a way I can import that to the Secunia software?

Or is there a downloadable file so I can check them manuall?

Thanks,
Ryan

Maurice Joyce RE: Is there a database of the signatures held
Handling Contributor 1st Oct, 2013 16:17
Score: 11743
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 1st Oct, 2013 16:19
Ryan,
You cannot create a database as you would want it. However Secunia does have a database you can search by programme here:

https://secunia.com/community/advisories/product/

and by vendor here:

https://secunia.com/community/advisories/vendor/

If you find you have programmes installed not covered by a full PSI scan you can always suggest it to them with the tool provided within PSI.

Secunia do not accept programmes versions in ALPHA(Includes Google Canary/Dev & Mozilla Aurora) or BETA.

Hope this helps.

Edit: I have just noted you have posted to CSI - if you are a CSI user perhaps best to wait for Secunia Support to endorse my post.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
rattyryan RE: Is there a database of the signatures held
Member 1st Oct, 2013 16:47
Score: 0
Posts: 3
User Since: 1st Oct 2013
System Score: N/A
Location: UK
Thanks Maurice. I don't seem to be able to locate the End of Life for any given product found at those links. Am' I missing something or if something has been patched does that indicate it has reached its end of support?
Was this reply relevant?
+0
-0
Maurice Joyce RE: Is there a database of the signatures held
Handling Contributor 1st Oct, 2013 17:23
Score: 11743
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Ryan,
You are correct - to the best of my knowledge a separate list of End of Life items does not exist.

What happens with PSI is that after any full scan of your programmes any End of Life items are highlighted like this:

https://1ncuig.bn1.livefilestore.com/y2po4CjW4bkI9...

Secunia now leave the decision making to the user on what is the best course of action to remain secure.








--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
rattyryan RE: Is there a database of the signatures held
Member 1st Oct, 2013 17:38
Score: 0
Posts: 3
User Since: 1st Oct 2013
System Score: N/A
Location: UK
How does it know if an application has reached its EOL?
Was this reply relevant?
+0
-0
Maurice Joyce RE: Is there a database of the signatures held
Handling Contributor 1st Oct, 2013 18:41
Score: 11743
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Secunia get the information from the vendor.

Users in most cases can do that themselves from any good vendor website.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
This user no longer exists RE: Is there a database of the signatures held
Secunia Official 2nd Oct, 2013 09:45
Dear Ryan,

If you are a Secunia CSI user, there would be no need to import any lists into the CSI solution. What you really need to do is perform a type 2 / type 3 scan against all Clients in your domain. CSI will find all EOL programs for you and it would allow you to export an updated list of those.

Secunia CSI would detect the metadata of each executable file placed on your systems and it would then evaluate each independently detected file against the Secunia Vulnerability Intelligence database that holds intelligence which products are Insecure, or EOL, or both.

The information is provided in the form of a scan result under 'Completed Scans' in the CSI UI, and furthermore isolated within a separate section under Results menu (Programs > EOL). Once you scanned your Clients, CSI will know which of your programs are EOL and/or Insecure.

Finally, you can use the CSI Database Console to perform customized query that fetches a list of all EOL programs in the domain. The list would be complete and it could be exported to a CSV file, should you need to further process this list through MS Excel or similar programs.

If you are a PSI user only, please re-direct your questions to the Secunia PSI forum where our PSI support team would provide you with a further technical assistance.

Kind regards / Stay Secure
Rosen Danailov / Security+
Secunia Customer Support

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability