DeepSurface: Plans


Remediation plans are the heart of the remediation workflow. A remediation plan lets you focus on as narrow a subset of hosts, patches, or vulnerabilities as you like, and DeepSurface will help you prioritize what to work on and in what order.

To create a new remediation plan, click the new remediation plan button in the top right. You will be presented with the creation wizard that breaks the process down into 4 steps:

  1. Plan Details
  2. Select Risk Items
  3. Select Tasks
  4. Review/Approve

1. Plan Details

Remediation Plans - step 1

In the Plan Details tab, simply fill out any details that will make it easy to identify the purpose of this remediation plan. Feel free to skip to the second tab and come back to this later if you do not yet have an idea of what this plan will encompass.

2. Select Risk Items

Remediation Plans - step 2

Selecting risk items is perhaps one of the most important steps of building a remediation plan. In this step you choose the underlying items you would like to focus on for this remediation plan. Use the type dropdown to switch between hosts you would like to apply patches to, patches you would like to apply across your entire environment, or vulnerabilities you would like to remediate. Each item type also allows you to search by keywords to help you narrow down to what you want to focus on. Whatever type (host, patch, or vulnerability) you choose, the list will be conveniently pre-sorted by risk reduction, with the items at the top of the list having the greatest impact on reducing your overall risk if remediated. Feel free to mix and match whatever you want to add to your remediation plan. Whatever you decide to add will show up in the corresponding section in the right column. We recommend narrowing the focus of this plan to a few targeted items. You can always make as many plans as you like, each with its own focus. Once you are satisfied with the underlying risk items that you have selected, you can move on to the task selection step.

3. Select Tasks

Remediation Plans - step 3

The Select Tasks step will become available to you once you have at least 1 risk item selected in step 2. This step may appear daunting at first, but this is where DeepSurface really flexes its ability to recommend the best approach to remediating your environment based on the items you have selected to focus on.

Behind the scenes, DeepSurface has analyzed, sorted, and prioritized the best approach to handle what you have decided to focus on for this plan, and laid the results out for you as suggested tasks that you can add to your plan. All of the suggested tasks appear in a list sorted by risk reduction benefit, with the biggest bang for your buck appearing at the top of the list.

You will notice that each task has an item that will be remediated and an action that is to be performed on that item. For example, Apply XXX patches to ###### host or Apply ###### patch to XXX number of hosts. DeepSurface has identified what you want to remediate and grouped the actions together into tasks that involve the same work. This work is further broken down by owner of the host. Therefore, it is possible that you might see the same, or a very similar, task repeated a couple of times, but with different owners. The owner of a task is automatically assigned to the owner of the tag that the given host is a part of, but this can be re-assigned at any time.

You will no doubt notice that if you scroll down the list of suggested tasks, the risk reduction benefit of a given task quickly reaches a point of diminishing returns. For this reason, we suggest accepting the top tasks first. Once the tasks you accept take care of enough of the risk, the remaining tasks have very little (if any) benefit.

4. Review/Approve

Remediation Plans - step 4

Once you have finalized selecting all of the tasks you would like to commit to for this plan, the Review/Approve tab gives you an overview of the plan in its current state. On this screen you can re-assign owners of tasks, see progress for the plan as a whole or on a task-by-task basis, and commit to the plan. Since this plan was just started, it is currently in a "Draft" state. While in this state, you can freely move from tab to tab and change anything you like. If you decide to commit to this plan by clicking the "Activate" button in the lower right, then you will see the following warning.

Remediation Plans - Activate

As you can see from the warning, once you activate the plan you can no longer change the underlying risk items for this plan. DeepSurface will automatically track your progress on the tasks for this plan any time it runs an analysis, and swapping out the underlying risk items while trying to track progress would be like trying to swap out the foundation of a home after it has already been built. Once activated, a plan can be tracked in DeepSurface, but can also be exported as an Excel spreadsheet, as emails, or to a previously configured third-party ticketing service. If you try to export to ticketing from the main Remediation > Plans screen, the interface will let you know that you must first set up a ticketing service, which we will visit in the next section.

Remediation Plans - export attempt 1

Remediation Plans - export attempt 2