
Compare Vigiles Security Monitoring & Management Versions — Get Answers to Frequently Asked Questions

Compare Vigiles Versions


BASIC

Free version providing CVE monitoring for a single component list

PLUS

Basic’s CVE monitoring upgraded to unlimited component lists, plus collaboration tools for CVE triage and mitigation, advanced filtering, detailed notifications, and advanced reporting tools.

PRIME

All features of Basic and Plus, along with unique Patch Notification & Management features, links to Linux kernel patches based on identified CVEs, advanced CVE filtering, and fixed-version notifications for OSS.


Duration/Term

Basic: Free

Plus: Yearly subscription

Prime: Yearly subscription


CVEs affecting your software components

List of the Common Vulnerabilities & Exposures (CVEs) specific to your software components in your loaded manifest

Basic: Detailed

Plus: Detailed

Prime: Detailed


Push notifications of vulnerabilities

Notification of new CVEs that are associated with the software components in your loaded manifest

Basic: Summary

Plus: Detailed

Prime: Detailed


Track multiple component lists (build system independent)

Ability to load product manifests listing your software components and versions

Basic: Limited to 1

Plus: Unlimited per product family

Prime: Unlimited per product family


View overall counts of CVEs by severity and status

View summary counts of Common Vulnerabilities & Exposures by the severity score derived by the Common Vulnerability Scoring System as listed in the National Vulnerability Database (NVD) maintained by the US Government’s National Institute of Standards and Technology. Also includes ability to view CVEs by the status of resolution in your manifest.


On-demand CVE report generation via web

Notifications of vulnerabilities available on-demand in multiple formats


On-demand CVE report generation via command line

Notifications of vulnerabilities available on-demand in multiple formats

Basic: Summary

Plus: Detailed

Prime: Detailed


View fixed and unfixed CVEs for Yocto

For your Yocto projects, a report on which CVEs have been fixed and which have not


Categorizes by kernel, libraries, CPU and whitelisted CVEs

Flexible reports & dashboards identifying vulnerabilities by relevant project or manifest categories, for cross-manifest tracking and security process management


Team sharing and CVE mitigation collaboration tools

Vulnerability management workspace and tools for you and your team members to comment, annotate, and collaborate on triage and mitigation of each vulnerability listed in your manifests.

 


Continuously track specific issues and CVE status changes

Continuous tracking of vulnerabilities based on resolution status for your manifests.

 


Whitelist already reviewed CVEs to streamline reviews

Ability to hide CVEs that are already being addressed so as to simplify reports, collaboration and mitigation

 


Filter reports by severity (CVSS) score

Filter Common Vulnerabilities & Exposures by the severity score derived by the Common Vulnerability Scoring System as listed in the National Vulnerability Database (NVD) maintained by the US Government’s National Institute of Standards and Technology. Also includes ability to view CVEs by the status of resolution in your manifest.

 


Download reports in different formats

Ability to export reports in a variety of formats

 


Link to the patch for Linux kernel CVEs

Identification of published patches for Linux kernels associated with identified Common Vulnerabilities and Exposures, with a direct link to the patch

 

 


Minimum kernel version with a fix for a kernel CVE

Identification of the minimum kernel version that contains the fix for an identified Common Vulnerabilities and Exposures (CVE) entry

 

 


Filter reports based on kernel configuration (experimental)

Ability to filter vulnerabilities based on the kernel configuration in your loaded product manifest

 

 


Suggested fix for userspace library/packages

Identifies a version of software where the CVE is fixed and/or provides links to user space patches where available

 

 

Frequently Asked Questions (FAQs)


What is the difference between Vigiles Basic, Plus and Prime?

Vigiles Basic is the free version and provides you with vulnerability monitoring and summary reports for 1 of your product manifests (software inventory that you load in Vigiles).

Vigiles Plus provides vulnerability monitoring and more detailed reports for an unlimited number of product manifests in a single product family, along with collaboration and communication tools to enable your team to analyze and work on mitigation for vulnerabilities.

Vigiles Prime provides all vulnerability identification and collaboration tools and expands the security management scope to include our unique Patch Notification & Management features, identifying patches and minimum versions to secure the software components that are identified in your manifests.


How does Patch Notification & Management in Vigiles Prime help with vulnerability management?

By identifying patches and minimum fixed versions, the patch management features of Vigiles Prime slash the amount of time your team spends on investigating identified vulnerabilities and exploring the mitigation steps to fix them.

Without Vigiles Prime patch management, your triage and mitigation activities will include identifying each component supplier and researching which version of a component has an available fix for a given vulnerability, if one is even available.

In contrast, Vigiles Prime patch management will automatically notify you of a patch associated with a given vulnerability for your specific components. Vigiles Prime will give you a direct link to the download for the patch. Further, Vigiles Prime will provide you with details on the minimum versions of libraries or packages and kernels that address the identified vulnerability.

Our analysis shows that Vigiles can cut your vulnerability identification and mitigation process cycles by 90 percent when compared with manual detection, investigation, and mitigation.


What are Triage Collaboration and Mitigation Tools in Plus and Prime?

These tools enable you and your team members to annotate, comment on, whitelist and otherwise collaborate on the vulnerabilities identified in your loaded product manifests. These communication tools are the foundation of highly efficient security vulnerability management workflows and risk mitigation processes.

For example, a team assigned to review a set of vulnerabilities might assign some team members to conduct impact analysis. Those team members can communicate quickly and easily about their evaluation of the security risks posed by specific vulnerabilities.

Other members may focus on high severity vulnerabilities to investigate expedited mitigation options, sharing their findings to weigh options and accelerate the response and fix.

Throughout these processes, some vulnerabilities may be whitelisted, which means they are tagged as acknowledged and in process or fixed. That way they do not clutter up the broader evaluation of inbound vulnerabilities or the mitigation workflows.

Along with flexible filtering, dashboarding, and reporting features, these collaboration tools can significantly cut the time your team spends on understanding the impact of a vulnerability and fixing it.


With Vigiles, can I compare the differences between two scans?

We have prioritized this feature request, which will be included in the next release (scheduled for early Q3).


Why is Vigiles Basic listed as free for a year? What happens at the end of a year?

Timesys plans to offer Vigiles as a free service for the foreseeable future. As long as that continues, any users of Vigiles Basic can request renewal for another year of free usage.


How do I upgrade to Plus or Prime?

Just click here to upgrade at any time.


What is a product manifest?

A product manifest is the inventory of your product’s software components and the versions in your design, loaded into Vigiles for security monitoring.


What information is collected when I upload my product manifest for security monitoring?

Timesys Vigiles collects only package/recipe names, versions, patches applied (if any), and build system version information. This information will only be shared with members of your team.

Timesys Vigiles does not require you to upload your product source code.


What does Timesys do with the information in my confidential product software manifest?

We currently don’t do anything with the customer information uploaded to Vigiles. Your product manifest(s) will remain in your Vigiles account for as long as you need.

When no longer needed, you can delete the information you’ve uploaded yourself or ask us to delete it for you.


What security measures has Timesys implemented to ensure my product software manifest does not get shared with other Vigiles users?

By default, all CVE links are private; access is restricted by login authentication, so they are not accessible to other users.


What assurances can Timesys provide that my product software manifest information will not be hacked or otherwise leaked from Vigiles?

Timesys stores all manifest information on an encrypted disk.