Add CSM Vulns limitations for Windows #26641
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Preview links (active after the
|
neko-dd
reviewed
Dec 5, 2024
content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md
Outdated
Show resolved
Hide resolved
Co-authored-by: Sandra (neko) <[email protected]>
Co-authored-by: Sandra (neko) <[email protected]>
cyrbouchiat
reviewed
Dec 9, 2024
| @@ -25,6 +25,12 @@ Cloud Security Management Vulnerabilities supports vulnerability scanning for ho | |||
| | Ubuntu | All versions supported by Canonical | apt/dpkg | {{< X >}} | {{< X >}} | | |||
| | Windows | Windows Server 2016/2019/2022, Windows 10 and later | Windows OS | | {{< X >}} | | |||
|
|
|||
| {{% collapse-content title="Windows limitations" level="h4" %}} | |||
| - Datadog detects vulnerabilities in Windows by identifying the Windows version and the security KB updates that are installed. With this information, it can determine which vulnerabilities a Windows host is subject to and which updates have been released to address them. However, some KB updates are cumulative and contain other KB updates, which might cause Datadog to misidentify which updates have been installed. | |||
There was a problem hiding this comment.
- Could we make it slightly shorter. I'm afraid it could feel heavy
- KB might not be obvious to everyone -> could we have 1 occurence that it mean Knowledge Base?
There was a problem hiding this comment.
@cyrbouchiat Sure! It now reads:
- Datadog detects vulnerabilities in Windows by identifying the Windows version and installed security knowledge base (KB) updates to address vulnerabilities associated with that version. However, some KB updates are cumulative and contain other KB updates, which might cause Datadog to misidentify which updates have been installed.
Let me know if that works better :)
There was a problem hiding this comment.
Looks like there are two files with KB in them and you only spelled it out in one instance... is that shortcode only getting used in this page before the mentions of KB, or does this page need that change too?
There was a problem hiding this comment.
Wow, a weekend really does make you forget what you were doing before. Thank you for flagging! Just applied the change to the other file.
|
Thanks. Btw, we're actively working at improving those detections. So we
might want to revisit this section in the future.
--
Cyril Bouchiat | Datadog
Product Manager, Security Products
…On Mon, Dec 9, 2024 at 5:59 PM Janine Chan ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In
content/en/security/cloud_security_management/vulnerabilities/hosts_containers_compatibility.md
<#26641 (comment)>
:
> @@ -25,6 +25,12 @@ Cloud Security Management Vulnerabilities supports vulnerability scanning for ho
| Ubuntu | All versions supported by Canonical | apt/dpkg | {{< X >}} | {{< X >}} |
| Windows | Windows Server 2016/2019/2022, Windows 10 and later | Windows OS | | {{< X >}} |
+{{% collapse-content title="Windows limitations" level="h4" %}}
+- Datadog detects vulnerabilities in Windows by identifying the Windows version and the security KB updates that are installed. With this information, it can determine which vulnerabilities a Windows host is subject to and which updates have been released to address them. However, some KB updates are cumulative and contain other KB updates, which might cause Datadog to misidentify which updates have been installed.
@cyrbouchiat <https://github.com/cyrbouchiat> Sure! It now reads:
- Datadog detects vulnerabilities in Windows by identifying the
Windows version and installed security knowledge base (KB) updates to
address vulnerabilities associated with that version. However, some KB
updates are cumulative and contain other KB updates, which might cause
Datadog to misidentify which updates have been installed.
Let me know if that works better :)
—
Reply to this email directly, view it on GitHub
<#26641 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A4OEUJOPFMKS232GDJDOB732EXEATAVCNFSM6AAAAABTDPUOJGVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDIOBZGQZTAMZQHA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Tiphaine approved in Slack, so removing the requirement for her to duplicate that here as well |
neko-dd
approved these changes
Dec 9, 2024
| @@ -26,7 +26,7 @@ Cloud Security Management Vulnerabilities supports vulnerability scanning for ho | |||
| | Windows | Windows Server 2016/2019/2022, Windows 10 and later | Windows OS | | {{< X >}} | | |||
|
|
|||
| {{% collapse-content title="Windows limitations" level="h4" %}} | |||
| - Datadog detects vulnerabilities in Windows by identifying the Windows version and the security KB updates that are installed. With this information, it can determine which vulnerabilities a Windows host is subject to and which updates have been released to address them. However, some KB updates are cumulative and contain other KB updates, which might cause Datadog to misidentify which updates have been installed. | |||
| - Datadog detects vulnerabilities in Windows by identifying the Windows version and installed security knowledge base (KB) updates to address vulnerabilities associated with that version. However, some KB updates are cumulative and contain other KB updates, which might cause Datadog to misidentify which updates have been installed. | |||
There was a problem hiding this comment.
Suggested change
| - Datadog detects vulnerabilities in Windows by identifying the Windows version and installed security knowledge base (KB) updates to address vulnerabilities associated with that version. However, some KB updates are cumulative and contain other KB updates, which might cause Datadog to misidentify which updates have been installed. | |
| - Datadog detects vulnerabilities in Windows by identifying the Windows version and the installed security knowledge base (KB) updates to address vulnerabilities associated with that version. However, some KB updates are cumulative and contain other KB updates, which might cause Datadog to misidentify which updates have been installed. |
|
/merge |
Devflow running:
|
dd-devflow
bot
added
mergequeue-status: queued
mergequeue-status: in_progress
and removed
mergequeue-status: queued
labels
dd-mergequeue
bot
deleted the
janine.chan/docs-9640-windows-csm-vulns-limitations
branch
dd-devflow
bot
added
mergequeue-status: done
and removed
mergequeue-status: in_progress
labels
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do? What is the motivation?
See https://datadoghq.atlassian.net/browse/DOCS-9640. There was a fairly lengthy discussion on Slack about why Datadog was returning odd results on Windows, resulting in this PR to clarify some of those limitations.
Merge instructions
Merge readiness:
Merge queue is enabled in this repo. To have it automatically merged after it receives the required reviews, create the PR (from a branch that follows the
<yourname>/descriptionnaming convention) and then add the following PR comment:Additional notes