fleet/articles/filtering-software-by-vulnerability.md

Filtering software by vulnerability in Fleet

Introduction

Fleet has introduced a powerful new feature that allows you to filter software by its associated vulnerabilities, helping you prioritize patches more effectively. Whether you're managing hundreds or thousands of software titles, this feature makes it easier to identify and address the most critical vulnerabilities in your environment.

This filtering capability is particularly useful in environments where patch management is critical to your security posture. By filtering software based on vulnerability severity and known exploits, you can first ensure that the most critical issues are addressed, enhancing your overall security strategy.

Prerequisites

• Fleet version 4.56 or later
• Premium users have access to advanced filters by severity level and known exploited vulnerabilities

Filtering Software by Vulnerability

1. Navigate to the Software page: In your Fleet dashboard, go to the Software tab. This will display a list of all the software detected in your environment.

2. Add filters: Click on the Add Filters button. This will open options for filtering the software list based on specific criteria.

3. Choose severity level: From the dropdown menu, select the Severity level of vulnerabilities you're interested in. This allows you to focus on software with the highest severity of vulnerabilities, such as "Critical" or "High."

4. Toggle "Has known exploit": You can refine your filter by toggling the Has known exploit option. This will filter the software list to show only those with vulnerabilities that have known exploits, enabling you to prioritize these for patching.

5. Review filtered results: Once you've applied your filters, the software list will update to show only the software that meets your criteria. This filtered view will help you prioritize which software needs immediate attention in your patching strategy.

Using the REST API to filter software for vulnerabilities

Fleet provides a REST API to filter software for vulnerabilities, allowing you to integrate this functionality into your automated workflows. Learn more about Fleet's REST API.

Conclusion

The new software filtering feature in Fleet makes it easier than ever to manage vulnerabilities in your software environment. You can better protect your organization from potential threats by prioritizing patches based on severity and known exploits. Explore the API capabilities to integrate this feature into your broader security workflows.

For more tips and detailed guides, don’t forget to check out the Fleet documentation.