Capture Client Monitoring with Dashboard, Threats and Applications
Investigating and Responding to Risky Applications
Unpatched applications can be vulnerable to exploits and expose your entire IT infrastructure. Capture Client investigates and manages the risk associated with the apps (across all devices associated with a tenant) that do not have the latest patches.
Endpoint applications are scanned automatically every week, on Wednesdays at 11 PM. If you have a Capture Client Premier license, you can run a manual rescan from the SentinelOne console. Otherwise, contact the support team for assistance.
The Dashboard displays the number of vulnerable apps across all devices associated with a tenant.
At the top of the page, you have the options to:
- Filter the list: Click and select the check boxes for the Risk Level, Type, OS, or Device Type options to filter on.
- Search: Click and enter the search string.
- Download Files: Click to download the Endpoint and CVE (Common Vulnerability and Exposure Identifier) lists.
- Refresh data: Click to refresh data.
To investigate and respond to vulnerable applications:
- Click Applications to view the list of vulnerable applications.
The table on the Applications page lists the unpatched applications and displays the highest severity based on the highest base score for each. The values for the highest severity scores are Critical, High, Medium, and Low. You can sort the applications based on their risk level by clicking the upward/downward arrow next to Highest Severity in the header row.
The risk levels are categorized according to the Highest Severity Scoring System as given below:

| Risk Level | Color | Highest Severity Score |
| --- | --- | --- |
| Critical | Dark Red | 9.0 to 10.0 |
| High | Bright Red | 7.0 to 8.9 |
| Medium | Orange | 4.0 to 6.9 |
| Low | Yellow | 0.1 to 3.9 |
| No known risk | Green | The application poses no risk to the endpoint. |

- You can filter the vulnerable apps by Highest Severity or Device Type to address them in order of priority.
- Use filter options to list the applications based on Highest Severity or Device Type.
- For more information about the vulnerabilities in an application, click the application to see its details.
- Click on the Endpoint tab to view the detailed description of the Device, OS Version, Type, Domain, Application Detection Date, Days from Detection, Last Successful Scan, and Last Scan Result.
- Click on the CVEs tab to view the Common Vulnerabilities and Exposures details, including the CVE ID, Severity, NVD Base Score (the highest National Vulnerability Database score), Published Date, Description, and the CVE Links.
The application view details are explained in the table below.

| Item | Description |
| --- | --- |
| Application Name | Name of the application that has the vulnerability. |
| Vendor | Application vendor. |
| Highest Severity | Based on the base score. The values are Critical, High, Medium, and Low. |
| Highest NVD Base Score | Highest National Vulnerability Database (NVD) score for this application. |
| Number of CVEs | The number of CVEs that were detected on this application. |
| Number of Endpoints | The number of endpoints that have the application installed. |
| Application Detection Date | When the Agent detected this application on the endpoint. |
| Days from Detection | The number of days this application has been on the endpoint since the Agent detected it. |

- You can also download the Endpoints and CVE lists by clicking on .
- Click on the Inventory tab to view the details such as Name, Vendor, Number of Versions, and the Number of Endpoints.
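
The following added example, which is not part of the product or its documentation, reproduces the roll-up that the Applications table describes: per-endpoint CVE findings are grouped by application, the highest base score is mapped to a risk level using the bands above, and the rows are sorted worst first. The record layout, application names, endpoint names, and CVE placeholders are constructed for illustration and do not reflect the format of the downloaded lists.

```python
from collections import defaultdict
from datetime import date

# Score bands from the risk-level table on this page, highest first.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]

def risk_level(score):
    """Return the risk level for a base score; below 0.1 is 'No known risk'."""
    for floor, label in BANDS:
        if score >= floor:
            return label
    return "No known risk"

# Constructed sample findings (hypothetical field layout, placeholder CVE IDs):
# (application, vendor, endpoint, cve_id or None, base_score, detection_date)
FINDINGS = [
    ("ExampleReader", "Example Corp", "LAPTOP-01", "CVE-EXAMPLE-0001", 9.8, date(2024, 1, 3)),
    ("ExampleReader", "Example Corp", "LAPTOP-02", "CVE-EXAMPLE-0001", 9.8, date(2024, 1, 10)),
    ("ExampleReader", "Example Corp", "LAPTOP-01", "CVE-EXAMPLE-0002", 5.3, date(2024, 1, 3)),
    ("SampleZip", "Sample Ltd", "SRV-01", "CVE-EXAMPLE-0003", 7.0, date(2024, 1, 8)),
    ("DemoNotes", "Demo Inc", "LAPTOP-02", None, 0.0, date(2024, 1, 12)),
]

def summarize(findings, today):
    """Roll per-endpoint findings up to one row per application, worst first."""
    apps = defaultdict(lambda: {"cves": {}, "endpoints": set(), "first": today})
    for app, vendor, endpoint, cve, score, detected in findings:
        entry = apps[(app, vendor)]
        entry["endpoints"].add(endpoint)
        entry["first"] = min(entry["first"], detected)
        if cve is not None:  # count each CVE once, however many endpoints report it
            entry["cves"][cve] = max(score, entry["cves"].get(cve, 0.0))
    rows = []
    for (app, vendor), entry in apps.items():
        top = max(entry["cves"].values(), default=0.0)
        rows.append({
            "application": app, "vendor": vendor,
            "highest_score": top, "highest_severity": risk_level(top),
            "cves": len(entry["cves"]), "endpoints": len(entry["endpoints"]),
            # Assumption: age is counted from the earliest detection on any endpoint.
            "days_from_detection": (today - entry["first"]).days,
        })
    return sorted(rows, key=lambda r: (-r["highest_score"], r["application"]))

if __name__ == "__main__":
    for row in summarize(FINDINGS, date(2024, 1, 17)):
        print(row)
```
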