Advisories sent as plain text emails don’t contain CVE references, CVSS scores or Secunia Product Links. Fixed.
CPE XML feed should contain newly added Secunia products regardless CPE exist or not. Fixed. An additional feed to the existing XML feed has been added, containing the same information as exported in a CSV in "Supported Software" (Secunia Product ID, Vendor, Product, Version and Type).
When using a sub-account, the user cannot change the status of multiple tickets. Fixed.
Unable to add certain vendors to the Asset List. Fixed.
Creating asset lists without a recipient. A warning is displayed that it is recommended to choose at least one recipient.
Request to add comments and priority in the approved advisories sent as plain text email. Fixed. You are now able to see the priority and the comments in the emails generated by the manual approval of tickets.
In addition to the above, a number of minor bug fixes and enhancements have been completed.
New and improved UI - New look and feel is similar to the Secunia CSI 6, and uses the same icons and color design. New menu structure.
Data Import and matching - Imported assets are better matched with the Secunia product database (e.g. a higher 'match ratio' then previously). The import file wizard has improved the match selection.
Integration of VIM and CSI – Users can create and update asset lists automatically in the Secunia VIM based on the Secunia CSI scan results.
The CSI user can authenticate a VIM account.
The user can create an asset list from the CSI using the authenticated VIM account (and specify the recipients).
The products scanned from the CSI will be added to the Asset List on the next synchronization. The updated Asset List (with the new products) can be seen in the VIM.
Now, if any advisory is released from Secunia that affects one of the added products, a ticket will be created.
If the set of products detected during scanning changes, the asset list will be updated in the next synchronization.
Note: The tickets will not be created when the products are synchronized. They will be created when a new advisory is released by Secunia that affects one of the added products.
Activity Log - Displays information about user activity within the Secunia VIM, for example "write" actions, logins, and so on. Users can access a full activity and login log for compliance monitoring and auditing purposes.
Smart Grid Export - Users can click “Export” in a grid view and select “Page” or “All Pages” to export the data to a CSV file.
Enhanced XML & RSS feeds (optional feature)
Additional data has been added to the feed.
The time-specific feeds display advisories from the last 24, 48 and 72 hours.
An additional feed has been implemented to display CPE names related to the Secunia Product ID.
Various: In addition to the major changes, a number of minor bug fixes as well as aesthetic and user-experience enhancements have been completed.
The Secunia Vulnerability Manager (VIM) has been updated with better integration into Secunia CSI and encryption of e-mails, among other things.
The integration with Secunia CSI has been improved to provide easy creation of asset lists in the VIM based on scan results from Secunia CSI.
The Secunia VIM uses Transport Layer Security (TLS) to protect confidentiality and data integrity by encrypting e-mail messages between servers to reduce the risk of eavesdropping, interception, and alteration.
The Secunia Vulnerability Intelligence Manager (VIM) receives significant updates to reporting functionality, adherence to compliance standards, and more.
Reporting functionality has been enhanced to create the most flexible and customizable reporting framework possible. A user now has full control over a wide variety of configuration options and content included in reports they schedule for a one-time or recurring generation.
Standards & Compliance
The Secunia VIM now conforms to various implementation standards for Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE), Common Vulnerability Scoring System (CVSS) and the NIST Security Content Automation Protocol (SCAP). The Secunia VIM has been certified as "CVE Compatible" by The Mitre Corporation, and is compliant with the Vulnerability Database requirements as given in the NIST Interagency Report 7511 Revision 1 (Draft), Security Content Automation Protocol (SCAP) Version 1.0, Validation Program Test Requirements (Draft), April 2009.
Customized CVSS Scores by Asset List / Advisory
Users can now define certain default CVSS environmental metrics for an entire asset list, as well as customize all environmental and temporal metrics on a per-advisory basis to achieve custom CVSS scores specific to their asset lists and environment.
Several new dashboard portlets have been included.
In addition to the major changes, a number of minor bug fixes as well as aesthetic and user-experience enhancements have been completed.
The Secunia Enterprise Vulnerability Manager (EVM), and the Secunia Vulnerability Intelligence Feed (VIF) merges into a single powerful solution, the Secunia Vulnerability Intelligence Manager (VIM).
New Design and Structure
The user interface have been rebuilt from scratch with a brand new design, structure, and layout. The changes improves the design and adds a general application feel to the solution.
Improved Work-flow / Faster Interface
The work-flow has been improved to accommodate customer demands and requirements. Furthermore, the interface speed and responsiveness has been enhanced significantly.
The new Asset Management functionality enables simple and easy configuration of your local Assets within the Secunia VIM. Upon successful configuration of your Assets targeted Secunia Advisories will be distributed to the configured recipients, effectively filtering the vast amounts of Vulnerability Intelligence published daily by Secunia.
Alerts through Email, SMS, and XML
Configure the recipients of Secunia Advisories for your account. You can get them either through email or SMS for instant notification.
Configure XML feeds that suit your needs and which in turn can be imported into internal systems, or loaded into your favorite RSS reader for easy accessibility to the latest Vulnerability Intelligence.
Ticketing and Tracking System
Secunia Advisories matching your Assets will automatically be added to the Ticketing System within the Secunia VIM, enabling you to track and manage all targeted Vulnerability Intelligence received, as well as ensuring that Secunia Advisories are appropriately dealt with, within the time frames defined in the Secunia VIM solution (see Compliance Policies).
Advanced reporting functionality is available in various forms throughout the Secunia VIM. Reporting functions are available directly within the solution in the form of pages providing overviews, statistics, and high-level details, others are available as PDF reports that can be emailed to you at scheduled intervals.
Dashboards are available at both “user” and “management” level, which can be configured using various elements to provide a quick and simple overview of your account, the latest Vulnerability Intelligence released, as well as information about the most recent news from Secunia.
The User Management add a whole new layer (multiple users) to the Secunia VIM solution. The functionality enables the manager of the Secunia VIM solution to create users, who have access to configure their own Assets, contact profiles, and administrate their own Tickets. This enables the manager to track if sub-users are resolving/processing the Secunia Advisories they receive, as well as adding the ability to define Compliance Policies that must be met by the sub-users.
NOTE: User Management is not available during the Public Beta.
Allows the manager to configure global or per-asset Compliance Policies, which defines how quickly certain Secunia Advisories must be handled/processed in the Ticketing System for the user to stay compliant with company rules.
Administrative Control Features
Various features are available which can be used to e.g. control the flow of Secunia Advisories to sub-users, define policies, move/copy Asset lists between users, and so forth.
Full and Improved Access to the Secunia Vulnerability Database
The Secunia VIM features full and improved access to the vast amounts of Vulnerability Intelligence in the Secunia Vulnerability Database.
It is possible to access the Vulnerability Intelligence in variety of ways, as well as filtering, sorting, and grouping the data to suit your specific needs.
NOTE: Access to “Extended Advisories” and “Proof of Concept” code are not available during the Public Beta.
Besides all the major changes that have occurred a lot of subtle features and functions are also available throughout the Secunia VIM.
Try Secunia VIM today
Sign up for a FREE trial
Get a quote
Answer a few quick questions and get a free bespoke quote for your vulnerability management needs.