In this article, you'll find answers to the most frequently asked questions.

SUMMARY

• General
  • How is Yuno hosted?
  • Is the Portal protected by a strong authentication mechanism (2FA)?
  • Is there an API on the portal?
  • How can I receive information?
  • Does the lePortail platform carry out an automated asset inventory?
  • Is there any rights management on the Portal?
• Technologies monitoring
  • Is it possible to request the addition of technologies not yet monitored?
  • How do you collect technology-related information?
  • Is it possible to monitor specific technology versions (major/minor releases)?
• The content
  • Who writes the bulletins?
  • How do you assess criticality?
  • How often are bulletins issued?
  • How many bulletins does XMCO publish per day on average?
  • In what languages are bulletins published?
  • How can I filter the information I receive?

General

How is Yuno hosted?

• Yuno is hosted in a certified cloud located in France.
• Yuno only rents the infrastructure; the rest of the configuration is fully managed by XMCO.

Is the Portal protected by a strong authentication mechanism (2FA)?

Yes, via SMS. For more information, click here.

Is there an API on the portal?

Yes, the documentation is directly available here. 

We can provide a set of example scripts in Python that implement the API's main functionalities.

How can I receive information?

Newsletters are sent by email or can be consulted on the Portal, and via API. It is also possible to receive SMS messages to be informed of the most critical alerts.

Does the lePortail platform carry out an automated asset inventory?

No, it's up to the customer to determine the technology inventory. This allows you to develop your monitoring service gradually, without being swamped with information.

Is there any rights management on the Portal?

• Managers can create, list and modify perimeters and preferences for all users.
• Regular users can create and modify their own perimeters.
• Regular users can be added to read-only OR read/write perimeters.
• External service providers are added to perimeters by users/managers, but have only read-only access.

The role list is available here.

Technologies monitoring

Is it possible to request the addition of technologies not yet monitored?

Requests to add technologies are accepted free of charge, subject to validation by CERT-XMCO. Validation depends, among other things, on :

• the existence of an official source from the publisher
• The source must be easilyaccessible (no login interface, for example).
• The technology tracked must be noteworthy. Its tracking must be of use to as many people as possible.

You can directly ask us by sending an email to support@xmco.fr (template available here) or by creating a ticket in Freshdesk.

How do you collect technology-related information?

in 2 ways:

• Quantitative collection through scripting

Wherever possible, we take advantage of the tools made available by publishers (mailing lists, RSS feeds, etc.) to be notified as quickly as possible when new information is released.

However, as not all publishers offer this type of tool, XMCO has been developing tools for nearly 10 years that automatically fetch information from over 1,000 sources (publishers' websites, blogs, social networks, etc.). This collection of sources is continually updated to ensure it remains relevant.

• Qualitative collection to qualify and enrich the raw information from the scripts

Our experts also carry out their own monitoring, which enriches and qualifies the data in the scripts.

As XMCO specializes in the field of Cybersecurity, consultants from all our divisions help to identify and collect the latest news and topics. This ensures that our customers have access to relevant information, whatever the topic: current attacks (CERT division), new attack techniques (PENTEST division), new regulations (GRC division), etc.

Similarly, our consultants have a wide range of interests, which also helps to ensure broad coverage of cyber-security topics: security in mobile environments (Android, IOS), OS security, security in Cloud environments, etc.

Is it possible to monitor specific technology versions (major/minor releases)?

Generally speaking, monitoring allows you to subscribe to a software publisher, to one of its products, or even to one of the major versions of this product.

• It is possible to subscribe to specific major versions of certain technologies (Windows, Java, Office, PHP...).
• It is not possible to subscribe only to specific minor versions.

There are several reasons for this pragmatic approach to monitoring:

• Generally speaking, patch levels are fairly heterogeneous within the IS.
• For a given technology, we currently don't have any customer who claim to be using only one version of this technology.
• The downside of the service's reactivity is that software publishers have little experience of vulnerability analysis. This can result in a degree of imprecision in the analysis proposed. For example, a vulnerability initially affecting only one version may affect another the following week.

Consequently, excessive precision could result in a loss of information.

Last but not least, monitoring very precise minor versions would entail a heavy workload for the person in charge of setting up Yuno. They would have to check regularly that the versions monitored in their Yuno configuration correspond to those in their information system.

The content

Who writes the bulletins?

All XMCO consultants write bulletins. This enables Yuno to benefit from feedback from experts in the various fields of cybersecurity: penetration testing, GRC, CERT...

How do you assess criticality?

Criticality is assessed by XMCO's consultants on the basis of the criticality announced by the vendor (in particular the CVSS score), but also via the consultant's assessment based on his or her experience, or via environmental factors (type of component affected, presence of public operating code, current cyberattacks...).

How often are bulletins issued?

Every 24 hours: information is collected twice a day and written in the morning.
Publication generally takes place between 12pm and 3pm.

How many bulletins does XMCO publish per day on average?

XMCO publishes an average of 25 bulletins daily (20 technical bulletins and 5 news bulletins).
Managerial synthesis are published weekly.

In what languages are bulletins published?

All bulletins are available in French and English. Language settings are available for each user.

How can I filter the information I receive?

Users can filter the newsletters they receive in several ways:

• Reducing the number of technologies the user follows (via perimeters)
• Receive only specific types of bulletins (only patch-type technical bulletins and environmental bulletins dealing with "malware", for example).
• Be notified only when a certain criticality threshold is reached (receive only important or critical technical bulletins, and only critical environmental bulletins).

We recommend starting by tracking the technologies the user needs, with the maximum amount of information sent (no restriction on tags and criticality). Depending on the user's experience, we then recommend implementing thematic or criticality restrictions.