Windows - Security - Lansweeper Automated Vulnerability Remediation

What the Lansweeper vulnerability sync does

This Automox Worklet™ connects your Lansweeper Cloud vulnerability data directly to the Automox platform for automated patch remediation. The Worklet queries the Lansweeper GraphQL API to retrieve all detected CVEs from your specified site, then matches those vulnerabilities against endpoints managed by Automox.

The Worklet operates in two distinct modes. In manual mode, it creates action sets in your Automox console for review before execution. In automated mode, it immediately triggers remediation actions for all patchable vulnerabilities, sending patch commands to affected endpoints.

A CSV report containing all affected hostnames, CVE IDs, and severity scores saves to the local WorkletCache directory for audit and review purposes.

Why integrate Lansweeper with Automox for vulnerability management

Organizations using Lansweeper for asset discovery and vulnerability scanning often need a streamlined path to remediation. This integration eliminates the manual process of exporting vulnerability reports, identifying affected systems, and scheduling patches through separate workflows.

The Worklet supports compliance requirements by creating an auditable trail of vulnerability detection through remediation. Security teams gain visibility into which CVEs the Automox platform can patch directly versus those requiring custom Worklet solutions.

Time savings compound as your environment scales. Rather than manually correlating vulnerability scan results with patch availability, the Worklet performs this matching automatically across all endpoints in your Automox organization.

How Lansweeper vulnerability sync works

1. Evaluation phase: The Worklet authenticates to the Lansweeper Cloud GraphQL API using your provided token and site ID. It retrieves all vulnerabilities with pagination support to handle large datasets, then checks if any CVEs exist. If vulnerabilities are detected, it triggers the remediation phase.

2. Remediation phase: The Worklet maps Lansweeper asset keys to hostnames, generates a CSV file of all vulnerabilities, and uploads it to the Automox Manual Remediations API. It waits for the action set to reach a ready state, then either creates action sets for manual execution or triggers immediate remediation based on your automatedRemediation parameter setting.

Lansweeper integration requirements

• Windows workstation or server endpoints

• Lansweeper Cloud Pro or Enterprise license (on-premises Lansweeper not supported)

• Lansweeper Personal Application configured for API access

• Four Automox Shared Secrets configured: axApiKey, axOrgID, lsToken, lsSiteID

• Automox API key from a global or zone administrator

• Worklet must target a single host endpoint using Endpoint Targeting filters

• Network connectivity to api.lansweeper.com and console.automox.com

Expected vulnerability remediation behavior

After successful execution, action sets appear in the Remediations section of your Automox console. The Worklet categorizes vulnerabilities as either patchable through Automox or unmatched, requiring custom Worklet remediation. You can verify this change through the Automox Activity Log or by checking the endpoint configuration directly.

When automated remediation runs, endpoints receive patch commands immediately if online, or upon reconnection if offline. Patches install without automatic reboots. Endpoints requiring restarts display a Reboot Required status in the console. Review remediation results in Activity Log or the Manual Remediations section.

How to validate lansweeper automated vulnerability remediation changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for lansweeper automated vulnerability remediation.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Secrets-Management, About-Automox, Vulnerability-Sync.

4. Validate remediation effects from script operations such as Secrets-Management, About-Automox, Vulnerability-Sync, then rerun evaluation for compliance.