Hello all,
Vulmon Alerts is a freemium cybersecurity SaaS product.
Vulmon Alerts makes you aware of vulnerabilities that are of interest to you via daily emails, Slack notifications, RSS feeds, and APIs.
Any feedback is appreciated!
Thank you
1 Like
Looks like a useful tool! Just some first impressions:
-
The first question I had when browsing the site was what sources you use to send out the alerts. Is it primarily the CVE database, or does it also include other (curated) sources? I assume it’s impossible for you to start manually tracking Github repos of popular libraries and search issues for security problems which haven’t made it into an CVE (yet), but just wondering.
-
Maybe it helps to allow for a demo alert to see what it looks like before having to sign up?
-
A small bikeshedding design-detail, but the “About” page was not so easy to parse with its current width and small font size.
Hope that’s helpful, good luck!
1 Like
Hi wim
Github is among the sources of vulmon.com, but Vulmon Alerts isn’t using it yet. While vulmon.com has about 70 different sources, alerts.vulmon.com uses 9 of them. These 9 sources include Vulmon Alerts’ own analyst database also.
Thank you so much for your valuable feedback.
Do you have any way to scan a system (e.g. a CentOS server) to determine what packages are on it and automatically subscribe to relevant updates? E.g. say I have PHP installed but not Ruby - I only want to see PHP updates. Then at a later date I install Python 3.7 but forget to update the packages I’ve subscribed to, having it automatically added would be really useful.
I realise this would be a ton of work if you don’t already have such an ability, but thought I’d throw it out there 
.
Allan
1 Like
Hi Allan,
Actually Vulmon project has a subproject named Vulmap. It works in Windows and Debian machines. You run it in your localhost, it collects your installed software information and asks Vulmon Scanner API if they have any vulnerabilities.It is not same thing with your idea but they are similar.
On the other hand I may develop a script to collect installed software in a host and automatically subscribe them on Vulmon Alerts. I think this would be really useful.
That is a really good looking tool! I agree, the one missing link there is a daemon of some kind which will run periodically to find new software installed / updates / removals, and sync that to a list which can then be used for live alerting.
The final think would be that I would need an iron clad guarantee about privacy before any of this touched a server. I don’t see a privacy policy on the Vulmon site. From my point of you it is the same as installing any other privileged software on the server - potentially extremely dangerous!
Vulmon Alerts has a privacy policy here. But since it doesn’t have this feature yet, the privacy policy doesn’t mention that. But it is an important point too.
Besides privacy policy, I think the agents run on customer computers should be open-source. It makes them more trustworthy.