Latest versions of the Secunia VIM

You can view all of the latest Secunia Vulnerability Intelligence Manager versions. The change logs which detail the latest updates and enhancements are listed below:

The primary changes are:

Reporting:

• Cannot download/view CPE xml feed. Fixed.

Advisories:

• Advisories sent as plain text emails don’t contain CVE references, CVSS scores or Secunia Product Links. Fixed.

General:

• CPE XML feed should contain newly added Secunia products regardless CPE exist or not. Fixed. An additional feed to the existing XML feed has been added, containing the same information as exported in a CSV in "Supported Software" (Secunia Product ID, Vendor, Product, Version and Type).
• When using a sub-account, the user cannot change the status of multiple tickets. Fixed.
• Unable to add certain vendors to the Asset List. Fixed.
• Creating asset lists without a recipient. A warning is displayed that it is recommended to choose at least one recipient.
• Request to add comments and priority in the approved advisories sent as plain text email. Fixed. You are now able to see the priority and the comments in the emails generated by the manual approval of tickets.

Various:

• In addition to the above, a number of minor bug fixes and enhancements have been completed.

The primary changes are:

Reporting:

• Factsheets: Historic Product Statics menu and functionality has been added to provide access to the Secunia Security Factsheets.
• Improved report configuration options for sub-users.

Advisories:

• Improved vendor information on Advisories.
• Impact information provided for German Advisories.
• Historical advisories - number of rows: The rows displayed are now dynamically resized when the window is resized.
• Alerts generated for unapproved Advisories: Fixed.
• Approving advisory by main administrator doesn't send email to sub account: Fixed.

General:

• Duration of the visibility of Menu tips: Menu tip display time extended from 5 to 10 seconds.
• Asset List - CSV import first row behaviour: Fixed.
• Account creation: User Type Text: Fixed.
• Product List cannot be exported over SSL on Windows XP: Fixed.
• SMS Criticality threshold has no affect - Sends SMS for all vulnerabilities: Fixed.

Various:

• In addition to the above, a number of minor bug fixes and enhancements have been completed.

New and improved UI - New look and feel is similar to the Secunia CSI 6, and uses the same icons and color design. New menu structure.

Data Import and matching - Imported assets are better matched with the Secunia product database (e.g. a higher 'match ratio' then previously). The import file wizard has improved the match selection.

Integration of VIM and CSI – Users can create and update asset lists automatically in the Secunia VIM based on the Secunia CSI scan results.

• The CSI user can authenticate a VIM account.
• The user can create an asset list from the CSI using the authenticated VIM account (and specify the recipients).
• The products scanned from the CSI will be added to the Asset List on the next synchronization. The updated Asset List (with the new products) can be seen in the VIM.
• Now, if any advisory is released from Secunia that affects one of the added products, a ticket will be created.
• If the set of products detected during scanning changes, the asset list will be updated in the next synchronization.

Note: The tickets will not be created when the products are synchronized. They will be created when a new advisory is released by Secunia that affects one of the added products.

Activity Log - Displays information about user activity within the Secunia VIM, for example "write" actions, logins, and so on. Users can access a full activity and login log for compliance monitoring and auditing purposes.

Smart Grid Export - Users can click “Export” in a grid view and select “Page” or “All Pages” to export the data to a CSV file.

Enhanced XML & RSS feeds (optional feature)

• Additional data has been added to the feed.
• The time-specific feeds display advisories from the last 24, 48 and 72 hours.
• An additional feed has been implemented to display CPE names related to the Secunia Product ID.

Various:
In addition to the major changes, a number of minor bug fixes as well as aesthetic and user-experience enhancements have been completed.

All advisories do not show Vendor information – Fixed.

Various:

No major changes. A number of minor bug fixes as well as aesthetic and user-experience enhancements have been completed.

Management:

The main Account will control whether a sub-account has access to the VIM Data Base or not. The VIM Data Base will not be available for sub-accounts, if the main account doesn't have access to it.

Performance enhancements have been made, which will effect:

• Asset Lists to load quicker
• Dashboard profiles to load quicker.

Asset list:

Copy asset lists to the same user.

Report:

In PDF reports, the graphic will now show new advisories to the right side in the graphic instead of the left.

Historic Advisories:

Historic advisories previously did not contain all advisories – this has been fixed.

Tickets:

• In "Ticket Created" the column sorting has been fixed.
• Some report functionalities for Shadow accounts have been fixed.
• Tickets will now retain the correct status after any advisory updates

User Account:

• Inconsistent data in the user account profile has been fixed.
• If an account is deleted, its reports are moved to its parent account.

Some UI glitches have been fixed.

Various:

In addition to the major changes, a number of minor bug fixes as well as aesthetic and user-experience enhancements have been completed.

The Secunia Vulnerability Manager (VIM) has been updated with better integration into Secunia CSI and encryption of e-mails, among other things.

• CSI integration

  The integration with Secunia CSI has been improved to provide easy creation of asset lists in the VIM based on scan results from Secunia CSI.

• Encrypted e-mail

  The Secunia VIM uses Transport Layer Security (TLS) to protect confidentiality and data integrity by encrypting e-mail messages between servers to reduce the risk of eavesdropping, interception, and alteration.

• Various

  Various small enhancements and bug fixes.

The Secunia Vulnerability Intelligence Manager (VIM) receives significant updates to reporting functionality, adherence to compliance standards, and more.

• Enhanced Reporting

  Reporting functionality has been enhanced to create the most flexible and customizable reporting framework possible. A user now has full control over a wide variety of configuration options and content included in reports they schedule for a one-time or recurring generation.

• Standards & Compliance

  The Secunia VIM now conforms to various implementation standards for Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE), Common Vulnerability Scoring System (CVSS) and the NIST Security Content Automation Protocol (SCAP). The Secunia VIM has been certified as "CVE Compatible" by The Mitre Corporation, and is compliant with the Vulnerability Database requirements as given in the NIST Interagency Report 7511 Revision 1 (Draft), Security Content Automation Protocol (SCAP) Version 1.0, Validation Program Test Requirements (Draft), April 2009.

• Customized CVSS Scores by Asset List / Advisory

  Users can now define certain default CVSS environmental metrics for an entire asset list, as well as customize all environmental and temporal metrics on a per-advisory basis to achieve custom CVSS scores specific to their asset lists and environment.

• Dashboard

  Several new dashboard portlets have been included.

• Various

  In addition to the major changes, a number of minor bug fixes as well as aesthetic and user-experience enhancements have been completed.

The Secunia Enterprise Vulnerability Manager (EVM), and the Secunia Vulnerability Intelligence Feed (VIF) merges into a single powerful solution, the Secunia Vulnerability Intelligence Manager (VIM).

• New Design and Structure

  The user interface have been rebuilt from scratch with a brand new design, structure, and layout. The changes improves the design and adds a general application feel to the solution.

• Improved Work-flow / Faster Interface

  The work-flow has been improved to accommodate customer demands and requirements. Furthermore, the interface speed and responsiveness has been enhanced significantly.

• Asset Management

  The new Asset Management functionality enables simple and easy configuration of your local Assets within the Secunia VIM. Upon successful configuration of your Assets targeted Secunia Advisories will be distributed to the configured recipients, effectively filtering the vast amounts of Vulnerability Intelligence published daily by Secunia.

• Alerts through Email, SMS, and XML

  Configure the recipients of Secunia Advisories for your account. You can get them either through email or SMS for instant notification.
  
  Configure XML feeds that suit your needs and which in turn can be imported into internal systems, or loaded into your favorite RSS reader for easy accessibility to the latest Vulnerability Intelligence.

• Ticketing and Tracking System

  Secunia Advisories matching your Assets will automatically be added to the Ticketing System within the Secunia VIM, enabling you to track and manage all targeted Vulnerability Intelligence received, as well as ensuring that Secunia Advisories are appropriately dealt with, within the time frames defined in the Secunia VIM solution (see Compliance Policies).

• Reporting

  Advanced reporting functionality is available in various forms throughout the Secunia VIM. Reporting functions are available directly within the solution in the form of pages providing overviews, statistics, and high-level details, others are available as PDF reports that can be emailed to you at scheduled intervals.

• Dashboards

  Dashboards are available at both “user” and “management” level, which can be configured using various elements to provide a quick and simple overview of your account, the latest Vulnerability Intelligence released, as well as information about the most recent news from Secunia.

• User Management

  The User Management add a whole new layer (multiple users) to the Secunia VIM solution. The functionality enables the manager of the Secunia VIM solution to create users, who have access to configure their own Assets, contact profiles, and administrate their own Tickets. This enables the manager to track if sub-users are resolving/processing the Secunia Advisories they receive, as well as adding the ability to define Compliance Policies that must be met by the sub-users.
  
  NOTE: User Management is not available during the Public Beta.

• Compliance Policies

  Allows the manager to configure global or per-asset Compliance Policies, which defines how quickly certain Secunia Advisories must be handled/processed in the Ticketing System for the user to stay compliant with company rules.

• Administrative Control Features

  Various features are available which can be used to e.g. control the flow of Secunia Advisories to sub-users, define policies, move/copy Asset lists between users, and so forth.

• Full and Improved Access to the Secunia Vulnerability Database

  The Secunia VIM features full and improved access to the vast amounts of Vulnerability Intelligence in the Secunia Vulnerability Database.
  
  It is possible to access the Vulnerability Intelligence in variety of ways, as well as filtering, sorting, and grouping the data to suit your specific needs.
  
  NOTE: Access to “Extended Advisories” and “Proof of Concept” code are not available during the Public Beta.

• Various

  Besides all the major changes that have occurred a lot of subtle features and functions are also available throughout the Secunia VIM.