Idea ID 1765729
Historically, installed software/SAI signatures are created in DDMI / UDI components, while running software signatures are coming from DDMA/UD Full functionality. In general, the type of data collected is a bit different – the installed software is recognised based on files/package rules, etc. while running software signatures use processes and ports + Jython plug-is (for discovery of more detailed data).
Scanners collect details about running processes as well as TCP/IP connectivity, so they have the information required to also create the running software signatures (possibly automatically or semi-automatically). SSA has SAI editing capabilities, so it would make sense to add running software signature capabilities to it.
We need an enhancement to rationalise both signature types and automate the process as much as possible.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.