In this article you will find:

  1. Background

  2. Pre-requisite

  3. How to configure SCCM connector

  4. SCCM as an Asset Inventory

  5. How to create Software Package Update via Vulcan

  6. FAQ

1. Background

Microsoft SCCM provides a unified management console with an automated set of administrative tools to deploy software and enforce compliance across all devices in an organization.

Vulcan's SCCM connector enables you to:

  1. Deploy patches on selected vulnerabilities faster then ever.

  2. Create software update groups based on correlation from Vulcan's Remediation Database and the available fixes from your SCCM version.

  3. Get full asset coverage by pulling all the managed devices from SCCM and correlating it to other security tools, such as vulnerability scanners or threat intelligence.

Flow

2. Pre Requisites:

  • Supported version: 1910

  • Vulcan Gateway

  • Supported site hierarchy: Single standalone primary site

  • Windows Permissions: The user that will be use to authenticate will need to be in the DomainUsers Group + Remote Desktop Users.

  • SCCM Permissions: Full Administration to the Domain group which the user is part of. 

3. How to configure SCCM connector

In the Connectors page, click on Add a Connector.

Click on SCCM connector

Fill in the following fields:
SCCM Address - IP or hostname of SCCM server
Username - User with permissions as in section 2. Please keep syntax as Domain_NAME\USERNAME
Password - Password to authenticate with user
Site Code - 3  letters word indicates the site. The Site code is indicated at the top  bar of the SCCM application. For example: PRM is the site code in the following SCCM account

*In case of SCCM deployment via Gateway:

1, Make sure the IP and Port configure to reach SCCM (default port is 5985 / or 5986 via SSL).

2. Follow the troubleshooting FAQ to make sure you covered all the necessary configurations.


4. SCCM as Asset Inventory

Vulcan's SCCM connector will pull all the devices that are managed by SCCM and display them as hosts.
Note that if assets are not part of a scan report from a scanning tool then will not be indicated as vulnerable.

Vulcan's SCCM connector pulls all relevant information and display it all under Asset's Details:

In addition to that, the following properties are created as tags on each asset: Client Type, Device Owner, Full Domain Name, Site Name and Device Collections being part of. Based on those tags you can preform various actions in Vulcan (Read more about tags).

5. How to create Software Package Update via Vulcan

Vulcan's SCCM connector enables you as a user to create software update groups based on Vulcan's 

In the Vulnerabilities page, select a Windows vulnerability that you want to fix on assets that are managed by SCCM. You can do that by using the Search bar and filter by Asset Source: SCCM

Click on a vulnerability you want to patch using SCCM and click on Take Action and then Deploy a patch

Select SCCM

Deploy patch includes 2 simple sections:

  1. Device Collection

  2. Software Update Group

Device Collection


The first step is to choose whether to create a new device collection or use an existing one.

To help make the decision, click on the "view all device collections" dropdown on the bottom - right corner of this section.

If the decision is to use an existing device collection than disabler the creation option and skip to the next section.

If the decision is to create a new device collection:

• The new device collection holds assets that contain the vulnerability and are managed by SCCM by default. If you wish to patch only some of these assets, click on the following button:

On the drop-down, select Specific assets. You can remove the asset from your future device collection by un-check it. Click OK to save the list of devices

• Name the device collection and write a short description of its purpose.
That's it - You've now defined the device collection which the fixes will be deployed on.

• Vulcan will create it automatically once the "deploy fix" will be clicked.

Creating a Software Update Group

Now that we know which assets we want to deploy the fix on, it's time to select the actual fix you want to deploy.

Vulcan will automatically add all the relevant fixes to the software update group. You can edit to choose specific fixes by clicking on the following button: 

You un-check the solution you wish not to apply on the device collection. Click OK to approve.

Name the software update group and write a short description of its purpose.
That's it - You've now defined the software update group which will be applied to the device collection.

That's it! Just click on Deploy fix and the software update group will be ready for in SCCM. Now all you need is to deploy the software update in SCCM during the next patch window.


6. FAQ

How does Vulcan offer the correct solutions?
Vulcan can offer the correct solutions by aggregating data from both our own Remediation Database and from the customer's SCCM environment.
On each vulnerability you can see under Fixes all the available solutions that Vulcan knows. When deploying the patch, only the fixes that are available from the connected SCCM (which are pulled from WSUS) and are available from our Remediation Database will be displayed as an offered solution. That way you will always be able to deploy the most accurate solution that suit your environment.    

Does Vulcan automatically triggers patch deployment ?

No, Vulcan can create device collections and software update groups in SCCM. the deployment is triggered in SCCM.

Which site hierarchy the connector supports?
Currently only single standalone primary site.

Can Vulcan pull existing device collection ?
Currently not - but will be possible in the future. Each time you deploy a fix using Vulcan, a new device collection is being created.

Did this answer your question?