Remediating SUSE Linux vulnerabilities

Concert supports vulnerability remediation for SUSE Linux Enterprise Server (SLES) systems by ingesting SUSE security advisories, generating remediation actions for detected CVEs, and applying patches through Concert Workflows.

Use this topic to onboard SUSE advisory data, upload vulnerability scan results, generate actions for SUSE CVEs, and run automated patching on SUSE hosts.

Before you begin

Ensure that the following prerequisites are met:
  • Concert Workflows are installed and accessible from Workflows > Library:
    • SLES_Advisory workflow
    • Create_Change_Request_For_Remediation_Action
    • Monitor_Remediation_Action_Status
    • Remediation_Master workflow
    • Apply_SUSE_Linux_Patch sub-workflow
  • Required authentications are configured:
    • Linux authentication for SUSE hosts.

      For details, follow the instructions in the Linux authentication setup section of the Remediation workflows documentation.

You will also need a VM vulnerability scan report that lists detected CVEs for the target SUSE VM.

Step 1: Load SUSE advisory data

Use the SLES_Advisory workflow to fetch SUSE security advisories from the official SUSE Security Portal. The workflow retrieves all relevant security advisories, including CVEs, advisory IDs, and patch commands, and loads them into the os_advisory_cache database table.
  1. In Concert Workflows, go to the Workflows page.
  2. Click Create workflow > Select from library.
  3. Open the SLES_Advisory workflow.
  4. Click Run workflow.

After the run completes, verify that the advisory data was ingested successfully.

Step 2: Upload the SUSE vulnerability scan report

Next, upload the SLES VM scan report so Concert can identify which advisories apply to your environment.

  1. Go to Concert > Dimensions > Vulnerability.
  2. Upload the SUSE VM vulnerability scan report.

    See the Uploading a vulnerability scan topic for more information.

  3. Concert processes the report and lists the detected CVEs for the VM.

When processing completes, the Actions list displays all generated SUSE actions.

Step 3: Apply SUSE Linux patches

Use Concert Workflows to automatically apply patches to SUSE hosts.

SUSE patching uses:
  • Parent workflow: Remediation_Master
  • Sub-workflow: Apply_SUSE_Linux_Patch

These workflows use the action data generated in Step 2 to apply the recommended patches.

To run SUSE patch remediation:
  1. Go to Concert > Workflows >
  2. Open Remediation_Master.
  3. Provide the required inputs:
  4. Click Run workflow.

    The workflow automatically triggers the Apply_SUSE_Linux_Patch sub-workflow, retrieves SUSE patch commands, and executes them on the VM.

When complete, the workflow summary shows the patched CVEs.

Step 4: Review results

After remediation completes:
  • Verify that the action status is updated in Vulnerability > Actions.
  • If needed, rerun the upgrade for failed hosts.
  • Confirm that the CVE count decreases for the SUSE VM in subsequent scans.
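For an independent check on the SUSE host itself, the following added example (not part of Concert or its workflows) lists the CVEs that zypper still reports as needing a patch. It assumes that the `zypper list-patches --all --cve=...` table has "No." and "Status" columns; the script name `check.sh`, the function names, and the sample rows with placeholder IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: list CVEs that zypper still reports as "needed" on a SLES host.

# Constructed sample of `zypper list-patches --all --cve=...` output (placeholder IDs).
sample_output() {
  cat <<'EOF'
Loading repository data...
Reading installed packages...

Issue | No.           | Patch              | Category | Severity  | Status
------+---------------+--------------------+----------+-----------+-----------
cve   | CVE-0000-0001 | EXAMPLE-PATCH-0001 | security | important | applied
cve   | CVE-0000-0002 | EXAMPLE-PATCH-0002 | security | moderate  | needed
cve   | CVE-0000-0003 | EXAMPLE-PATCH-0003 | security | low       | not needed
cve   | CVE-0000-0002 | EXAMPLE-PATCH-0004 | security | moderate  | needed
EOF
}

# Read a zypper patch table on stdin; print each CVE whose Status is exactly "needed".
# Columns are located by header name (assumption: the layout may vary by zypper version).
still_needed() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    !hdr && /Status/ {
      for (i = 1; i <= NF; i++) {
        name = trim($i)
        if (name == "No.") id = i
        if (name == "Status") st = i
      }
      hdr = 1; next
    }
    hdr && id && st && trim($id) ~ /^CVE-/ && trim($st) == "needed" { print trim($id) }
  ' | sort -u
}

# On a real host: ./check.sh CVE-... CVE-...  (IDs taken from the Concert actions list)
if [ "$#" -gt 0 ] && command -v zypper >/dev/null 2>&1; then
  cves=$(IFS=,; echo "$*")
  # Stop with a distinct exit code if zypper itself fails, so an error is not read as "clean".
  out=$(zypper --non-interactive list-patches --all --cve="$cves") || exit 2
  left=$(printf '%s\n' "$out" | still_needed)
  if [ -n "$left" ]; then
    echo "Patches still needed for:"; echo "$left"; exit 1
  fi
  echo "No needed patches remain for the listed CVEs."
fi
```

An exit status of 1 means at least one listed CVE still has a needed patch, which is a candidate for the rerun described above.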

For more details, see Reviewing and applying remediation actions.