Deploying Secunia CSI / PSI

The Basics

  1. Just looking for a solution for one or a few self-patched machines with no central management? Our campus license allows you to use the freely available PSI version on University-owned machines. You can download and install it from http://secunia.com/products/consumer/psi/ and ignore the rest of this page.
  2. Otherwise, for groups that centrally patch and maintain multiple machines, you should use CSI instead. Get your Secunia CSI group account from security@uci.edu.
    1. To get set up you'll need to provide:
      1. The department/organization you belong to and are responsible for patching (its acronym is used in setting up the username)
      2. A contact email address that you want to be the account "owner" (the initial password is sent to it)
      3. The number of hosts you plan on deploying to (this can be changed later)
      4. Your current patching solution(s), for informational purposes
  3. Access the Secunia CSI 7.0 web console by going to https://csi7.secunia.com
  4. Verify you can log in to the console using your account username and initial password. Change your password the first time you log in (under Menu -> Configuration -> Security -> Change Password)
  5. Read the Secunia CSI 7.0 – Technical User Guide to become familiar with the product.

Deploying

  • For machines whose patching and maintenance your group completely controls, it is recommended that you deploy CSI agents to those machines. For machines where the user has administrative rights and can patch their own machine, but you'd still like visibility into and reports on it, you can choose to deploy CSI agents and/or linked PSI agents to them.
  • Configuring Secunia CSI
    • Inside CSI Console, go to Menu -> Configuration -> Settings -> CSI Windows Update Settings and select either "managed Windows Update server" if using WSUS or "official Windows Update server" otherwise
    • If using WSUS and your CSI Console is not installed on your WSUS server, you'll need to install the WSUS Management Console on the same machine as the CSI Console so that the two can integrate
  • Deploying CSI agents
    • CSI Agent download is unique to your account: download from inside CSI Console -> Menu -> Scanning -> Scanning Via Local Agents -> Agent Download & Setup
    • Using your software deployment mechanism of choice (WSUS, GPO, LanDesk, etc.), copy the csia.exe file into a newly created directory "C:\Program Files\Secunia\CSI\" on target machines
    • Start agent using "C:\Program Files\Secunia\CSI\csia.exe -i -L -v -d csilog.txt -g SITE" on target machines (where SITE is the group name you want to use for that subset of machines)
  • Deploying linked PSI agents
    • Linked PSI download is unique to your account: download from inside CSI Console -> Menu -> Scanning -> PSI Integration -> Download Custom PSI (generate new Link ID for yourself)
    • Manually copy the PSISetup*.exe file to the target system and install it locally (requires administrator rights), then initiate the first scan, which will send results to the server
  • Once agents check in, you can edit their settings inside CSI Console under Menu -> Scanning -> Scanning Via Local Agents -> Single Host Agents -> right click on an entry to edit its (or its entire site's) configuration. Key settings you may want to change are "Agent check-in frequency" (if you want updates to apply faster) and "Inspection type" (to improve accuracy). Definitely change "Days between scans" to more frequent than 7 days: set it to 1 day (scheduled for sometime during the night) to begin with, and only make it longer if you notice significant performance issues on the machine. With zero-day exploits and patches, it is important to have up-to-date results.
  • You can look at scan results under Menu -> Results and/or generate reports under Menu -> Reports
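
The "Deploying CSI agents" steps above can be wrapped in a startup or deployment script. The following is an added example, not Secunia's or this page's own script; the share path, the pinned SHA-256 placeholder, the marker file and the assumption that csia.exe exits with 0 on success are all hypothetical and must be adapted to your site.

```powershell
# Added example: copy and start the CSI agent with the arguments given on this page.
# Assumptions: $Source, $ExpectedSha256, the marker file, and exit code 0 meaning success.
param(
    [string]$Source         = '\\fileserver.example\deploy\csia.exe',  # hypothetical share
    [string]$ExpectedSha256 = '<SHA256-OF-YOUR-CSIA.EXE>',             # placeholder, record it after download
    [string]$Site           = 'SITE'                                   # group name for this subset of machines
)
$ErrorActionPreference = 'Stop'

$InstallDir = 'C:\Program Files\Secunia\CSI'            # directory named on this page
$Agent      = Join-Path $InstallDir 'csia.exe'
$Marker     = Join-Path $InstallDir 'deployed.marker'   # hypothetical, makes re-runs a no-op

# The agent download is unique to the account, so pin the hash of the copy taken
# from the console and refuse anything else that ends up on the share.
$actual = (Get-FileHash -Path $Source -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    throw "csia.exe hash mismatch on $Source (got $actual); not installing."
}

# Skip if this exact build was already deployed on this machine.
if ((Test-Path $Marker) -and (Test-Path $Agent) -and
    ((Get-FileHash -Path $Agent -Algorithm SHA256).Hash -eq $ExpectedSha256)) {
    Write-Output 'CSI agent already deployed; nothing to do.'
    return
}

New-Item -ItemType Directory -Path $InstallDir -Force | Out-Null
Copy-Item -Path $Source -Destination $Agent -Force

# Same arguments as on this page. The working directory is set explicitly so the
# relative log name csilog.txt resolves against the install directory.
$proc = Start-Process -FilePath $Agent `
    -ArgumentList '-i', '-L', '-v', '-d', 'csilog.txt', '-g', ('"{0}"' -f $Site) `
    -WorkingDirectory $InstallDir -Wait -PassThru -NoNewWindow

if ($proc.ExitCode -ne 0) {
    throw "csia.exe exited with code $($proc.ExitCode); check csilog.txt in $InstallDir"
}
Set-Content -Path $Marker -Value $ExpectedSha256
```

Run it elevated, since it writes under "C:\Program Files".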

Resources

  • Latest customer support documents and contact information can be found inside the Secunia CSI web console using the Help button on the top right.
  • Secunia CSI Resources - videos and PDF documentation

Advanced Tips & Tricks

Custom SQL to get concise and detailed host vulnerability data in CSI local database console (accessible from Menu -> Administration -> Secunia CSI API -> Local Database Console):

/* One row per program installation flagged secure = 0, per host */
SELECT host AS Host,
       langroup AS 'Group',
       no_score AS 'Score %',
       product_name AS Program,
       version AS Version,
       secure_version AS 'Secure Version',
       vuln_title AS 'Vulnerability',
       path AS Path,
       CASE WHEN eol > 0 THEN 'End-of-Life'
            WHEN secure = 0 THEN 'Insecure'
            ELSE 'Patched'
       END AS 'State',
       /* Lower vuln_criticality values are more severe */
       CASE WHEN vuln_criticality <= 1 THEN 'Extreme'
            WHEN vuln_criticality <= 2 THEN 'High'
            WHEN vuln_criticality <= 4 THEN 'Medium'
            ELSE 'Low'
       END AS Criticality,
       updated AS 'Last Scan',
       missing_ms_kb AS 'Missing MS KB'
FROM nsi_devices d, nsi_device_software ds
WHERE d.nsi_device_id = ds.nsi_device_id
  AND secure = 0
ORDER BY host, product_name, path;