Skip to main content

CVE-2016-2115 - SMB Signing

Purpose

This solution contains the template for the CVE detection, remediation, and auditing of the agents.

Associated Content

ContentTypeFunction
CWA Script - CVE-2016-2115 - SMB SigningScriptThis script is created to run the detection/remediation for CVE-2016-2115 - SMB Signing check and enable it if the remediation option is selected via EDF.
CWA Script - CVE-2016-2115 SMB Signing Ticketing - Per ClientClient ScriptThis client script creates a ticket for each client with the computer count where remediation is required.
Remote Monitor - SMB Signing DetectionRemote MonitorThis remote monitor is designed to check whether the SMB signing is enabled or not. If SMB Signing is disabled on the agent, it detects this and applies the autofix.
Dataview - CVE-2016-2115 SMB Signing AuditDataviewThis dataview gathers the data from the script CWA Script - CVE-2016-2115 - SMB Signing and depicts the status of SMB Signing on the agent where it is deployed.
△ Custom - Execute Script - CVE-2016-2115 - SMB SigningAlert TemplateThis alert template is designed to apply to the Remote Monitor - SMB Signing Detection to schedule the autofix script Script - CVE-2016-2115 - SMB Signing to perform the detection or remediation based on the EDF selection and store the data in the EDFs for auditing.

Implementation

  1. Import the following content using the ProSync Plugin:

  2. Reload the system cache:

    • Reload Cache

  3. Configure the solution as outlined below:

    • Navigate to Browse -> Groups -> _System Automation.Vulnerability Management.CVE-2016-2115 SMB Signing Detection & Rem -> Computers -> Monitors within the CWA Control Center and set the following:
      • Remote Monitor - SMB Signing Detection
        • Setup with △ Custom - Execute Script - CVE-2016-2115 - SMB Signing and click update.