The Mobile Software risk vector is part of the Diligence risk category. It determines if mobile device software is supported or out-of-date. Mobile devices are smartphones and tablets in a company's network that access the Internet. Outgoing communications from mobile devices include metadata about the device's operating system, device description, browser version, and description of applications (endpoint data).
Finding Details
The details include the data in Findings, Diligence details, and also the following information:
❖ This field can be included in the table from the
Customize Columns option.Operating system (OS) and Browser Information
- EOL
- The end-of-life date for the version.
- EOL Status
- The end-of-life status of the current version.
- Family
-
❖ The family of the detected OS or browser.
- OS
- Browser
- Grade
-
❖ An assessment of the detected OS or browser based on the version’s support status.
- OS Grade
- Browser Grade
- Launch
- The launch date of the current version.
- Support Status
-
❖ The support status of the current OS or browser version.
- OS Support
- Browser Support
- Version
-
❖ The current version of the detected OS or browser.
- OS Version
- Browser Version
Observations
- Observed Devices
- The number of observed devices based on visible web activity.
- [Sample Observations] Source IP
- The source IP address of the connection when the evaluated desktop made an outbound request. This is typically an IP address associated with a firewall. The source IP and user-agent string are used to determine the OS and browser version.
- [Sample Observations] Target Host
-
The host that the browser connected with (if available). If we were able to collect target host information, it is useful for searching the firewall logs to determine which internal host made the connection. Search for the egress IP in the source IP field, the target host, and representative timestamp.
Available in the SPM application.
- [Sample Observations] User Agent
- The user-agent string as sent by the browser.
- [Sample Observations] Timestamp
- The date and time (in UTC) when the traffic was observed.
Remediation
- Remediation Instructions
- ❖ Information for how to resolve a negative finding.
- October 29, 2024: Findings Table navigation instructions moved from Risks to a new Findings section in the menu.
- October 16, 2024: Target host information might not always be available.
- August 30, 2024: Terminology – “Host IP” → “Source IP” & “Host domain” → “Target host.”
Feedback
0 comments
Please sign in to leave a comment.