A user is looking to report on applications with high Network Utilization in a Non-persistent environment. They suggest having a "Top 5" report for Network Usage. Another user recommends using the Process view in CU4VDI or the Monitor PowerShell query API to easily sort based on Network send or receive.
Read the entire article here...
ControlUp for Compliance (Secure DX)
ControlUp for Compliance (Secure DX) training and support-related archives from inside the ControlUp Community on Slack.
The Possibility of an API for CU4C for Workflow Automation and Ticket Creation
A user asked about the possibility of an API for CU4C that could trigger workflows in CU4W when a patch is detected. Another user asked for clarification on the use case for this feature, to which the first user explained that it would help automate ticket creation for new application vulnerabilities. The CU4C PM, @member, would have more details on the API release and it was mentioned that it should be ready by the end of the month, with potential for more endpoints to be added in the future.
Read the entire article here...
Read the entire article here...
Triggering SecureDX Agent Installation in ControlUp.
Members discussed whether it is possible for the ControlUp for Devices Agent to trigger the SecureDX agent to install. Options for automatically installing the CU4C client using scripts were suggested, but with a disclaimer that it has not been tested by the Dev Team. This issue is on the roadmap but there is no ETA. A suggested workaround is to set the install script to run once per day. This process is outlined in detail in the discussion thread.
Read the entire article here...
Read the entire article here...
Troubleshooting Secure DX Agent Auto-Updates in ControlUp
In the discussion, there was a question about the Secure DX agent not automatically updating in CU4D. It was suggested that the agent may not be updating due to it being manually deployed. The solution was also given to update manually or make changes to the script to run more frequently. There are planned changes in the works to give users more control over the versions and updates, similar to what is available in CU4D. It was also mentioned that if the script is not running once a day, support can be contacted to help troubleshoot the issue. The Devices tab can show which devices have upgraded to the latest version, with the install date of 8/19 being mentioned. The script will only run if devices are on at specific times.
Read the entire article here...
Read the entire article here...
Exploring the Patching Process at ControlUp
A discussion took place regarding the process of remediation for patching and whether the device reaches out to a CDN or pulls directly from the vendor website. ControlUp has tools for analyzing network impact, including the ability to disable the default CDN and download patches directly. The location where patches are downloaded and stored was also mentioned. The impact on the network will depend on the type of update, but patches are downloaded as compressed files and then uncompressed during deployment.
Read the entire article here...
Read the entire article here...
How to Clean Up Old Patches on ControlUp Client Devices
A user asked for a way to clean up old patches on client devices without causing any issues. It was recommended to enable logs in the C:\ProgramData\ControlUp\CU4C\logs\files or C:\ProgramData\ControlUp\SecureDX\logs location to check for remediation failures or aborts. It is safe to delete subfolders in the patches folder.
Read the entire article here...
Read the entire article here...
Dealing with a Compliance Alert in ControlUp
A user received a compliance alert about the "built-in" local Windows administrator account being in the local administrators group, which is a default and mandatory setting. There was discussion about how to deal with this issue and suggestions were made to check and exclude items in the scanning template. One user suggested that the setting could be more useful if it could identify other accounts and ignore the built-in "administrator" account. The issue was passed on to the secure DX PM.
Read the entire article here...
Read the entire article here...
Automating the Deployment of ControlUp for Compliance
A user asked about automating the deployment of ControlUp for Compliance (formerly known as Secure DX) for new physical machines. Another user shared a script that could run the installation silently. The script can be found at https://cdn.spm.controlup.com/agent. Instructions were provided on checking for the latest version and running the script if necessary.
Read the entire article here...
Read the entire article here...
ControlUp for CVE Remediation in Large Organizations
A user inquired about using ControlUp for remediating CVEs in their organization with 40k+ devices. They were looking for a proposal template to use and announced their plan to target the most vulnerable devices first in batches. Another user shared that they have been patching their devices on a monthly basis and asked about others' patching schedules. A response mentioned that they encountered some issues related to scheduling but they have since been fixed and the product has been stable for months. The user then thanked them for the feedback.
Read the entire article here...
Read the entire article here...
Configuring Risk Levels in ControlUp Secure DX/Apps
A user asked if it is possible to define the risk levels themselves under Secure DX/Apps. Another user responded that currently risk scores are not configurable and are based on factors such as CVE scores and number of affected devices. This means that they are unable to change the risk levels at this time.
Read the entire article here...
Read the entire article here...