Skip to main content

Protecting your systems | Modernizing RHEL Management 05

We are halfway through, and this week is all about security. John walked through the two services that tend to drive Insights adoption: vulnerability management and malware detection. Patching a system does not mean it is protected, so we dug into how Insights helps you cut a wall of CVEs down to the handful that truly demand attention, then set up a live malware scan with EICAR test files.

A few things worth carrying away from this one:

  • Security rules and known exploits are how you prioritize. John took 1,200 vulnerabilities down to 34 with security rules, then to three by adding known exploits. That deep threat analysis from Red Hat’s product security team is the value add over a raw CVE list.
  • “Affected but not vulnerable” is a real status. A system can be affected by a CVE but not actually vulnerable because of your configuration, like SELinux in enforcing mode. Insights flags those so you can deprioritize them honestly.
  • Malware detection tells you, it does not fix. There is no remediation playbook here on purpose. When Insights finds malware, you follow your own IT incident procedures, and you can get notified over Slack, email, or Google Chat the moment it triggers.

Insights is not a replacement for a Qualys or a Rapid7. It is a RHEL-specific view that helps you clear false positives and back up what your other tools are telling you.