Managing Third Party Updates with Microsoft’s System Center Configuration Manager Secunia Integration, MMS 2015 Kent AgerlundSherry Kissinger

#MMSMOA Owner, Coretech author/kea/ Microsoft MVP Copenhagen, Denmark Kent Agerlund

#MMSMOA Systems Engineer cug.org/blogs/s herry-kissinger 14 years experience with SMS / ConfigMgr Microsoft MVP Jackson, Wisconsin Sherry Kissinger

3 rd party Security Updates using SCCM and Secunia CSI integration

Secunia CSI What is it? Secunia CSI is a scanning tool with an intranet backend server. The scanning tool is deployed to randomly selected ConfigMgr Clients and is purely for getting a statistical random sample. What is it NOT? It does NOT deploy patches on it’s own. It does NOT make any decisions for you.

Secunia CSI: how does it work? After scanning the statistical random sample (this is a rotating sample—newly random machines will be targeted continuously), the Secunia server will compile the data to be presented to decision makers. Because of Secunia’s threat level logistics, the “most vulnerable” applications will be ranked highest. The group who will look at these reports will identify and inform Application owners that their application is a high security risk based on the Secunia server compiled results.

Decision Maker Reports (example)

Decision Maker Reports click-through (sample)

Secunia CSI: Decision Making The Application Owner will evaluate the data, and depending upon their own Service Level Agreements or other factors, will decide whether an Uninstall, Upgrade using traditional package, or if offering an update via ConfigMgr as a “Software Update” is possible and preferred to a traditional deployment

Sample (lab) ConfigMgr Console What a Deployment Admin would see in the Configmgr Console Note it looks just like any other patch in the console; the only thing making it appear different is the Vendor will be “Secunia”

Secunia to CM Integration Only if the Application Owner has confirmed that patching their application via something that looks like a Software Updates deployment would the application owner engage the ConfigMgr team to test leveraging a Secunia-synchronized package in the lab; and once confirmed that the patch performs as expected, then moved to production. The Application Owner will need to follow all defined processes for a deployment.

Vulnerability Reporting For those applications synchronized according to the Application Owner, reports will be available via standard ConfigMgr SRS reporting.

ConfigMgr Report Demo

Summary Secunia scanning of random sample workstations is to find the most insecure applications which may not already be known and addressed. Deployments to address those insecurities may or may not be utilizing Software Updates mechanism (Secunia)—only the application owners can make that decision.

…Now for the technical geeky stuff

Random Sampling Why are we just sampling? How is that being done?

Randomizing script On Error Resume Next ' 'Purpose: Run a Secunia CSIA Vulnerability Scan, and log activity 'Author: Sherry Kissinger 'Created: ' 'Steps: 'Pick a random number between 1 and 365, if = 1 then continue, else quit. 'Delete any existing SecuniaScan.log in %temp% '1- run csia.exe with parameters from same folder as this vbscript lives (usually a cm cache location) ' -cc using only command line options as given ' -d means to create a log file where indicated ' --ignore-crl is because we are intrAnet, not inTERnet ' --no-win-update means don't run a wua scan (no need, we have that already w/cm) ' --type 1 means look in the common areas of where software lives, not the entire hard drive (takes less time) ' NOTE: all available cmd line options are visible by running csia.exe -h '================== set sho = WScript.CreateObject("Wscript.Shell") set fso = CreateObject("Scripting.FileSystemObject") strCurrentDir = Left(Wscript.ScriptFullName, (InstrRev(Wscript.ScriptFullName, "\") -1)) & "\" '================= 'Pick a random number from 1 to 365. If 1 or less, then continue. else, exit. intMaxNumber = 365 intMinNumber = 1 Randomize intNumber = Int((intMaxNumber - intMinNumber + 1) * Rnd + intLowNumber) if intNumber > 1 then wscript.echo 0 wscript.quit end if '================= strTemp = sho.ExpandEnvironmentStrings("%Temp%") if fso.fileexists(strTemp & "\SecuniaScan.log") then fso.DeleteFile(strTemp & "\SecuniaScan.log") end if If fso.fileexists(strCurrentDir & "csia.exe") then sho.run strCurrentDir & "csia.exe -cc -d " & strTemp & "\SecuniaScan.log --ignore-crl --no-win-update --type 1 ",0,vbtrue Else wscript.echo 1612 '1612 is the msi code for 'Installation source not available’ End If end if if fso.fileexists(strTemp & "\SecuniaScan.log") then wscript.echo 0 end if wscript.quit

Internal Server Why did we choose to have an internal server? Technical challenges, and advantages.

Secunia vs. Other Observed benefits of Secunia vs. other (used in the past) 3 rd party integration tools. Vendor Name Pre-packages-for-us content to deploy. Wizards

Presentation Just a placeholder slide. Please use the example slides in the “Template Example Slides” Section. Questions?

Evaluations: Please provide session feedback by clicking the EVAL button in the scheduler app (also download slides). One lucky winner will receive a free ticket to the next MMS! Session Title: Managing Third Party Updates with Microsoft’s System Center Configuration Manager Discuss… Ask your questions-real world answers! SPONSORS

Section HeaderSection Header This is the next section

Title Line1 Line2 Line3 Line4 Line5 Line6 Bullet Level 1 Bullet Level 2 Bullet Level 3

Title Code

Text Only with Border Level 1 Level 2 Level 3

Text Only without Border Level 1 Level 2 Level 3

Title Text 1 Level 1 Level 2 Level 3 Text 2 Level 1 Level 2 Level 3

Section 1 Text Level 1 Level 2 Level 3 Section 2 Text Level 1 Level 2 Level 3 Title

Demo Demo Title