Software Management
NopeSight's Software Management provides complete visibility and control over your software assets, from discovery to compliance. With AI-powered intelligence and automated processes, you can optimize costs, ensure license compliance, and maintain a comprehensive software inventory.
Overview
Software Management in NopeSight helps you:
- Discover all software installations across your infrastructure automatically
- Normalize software names and versions using AI for consistency
- Track licenses and ensure compliance with vendor agreements
- Optimize software costs by identifying unused or underutilized licenses
- Manage the complete software lifecycle from deployment to retirement
Software Inventory
Understanding Software Hierarchy
NopeSight organizes software into three hierarchical levels for better management:
Software Families
Groups of related software products from the same vendor or serving similar purposes:
- Microsoft Office Family - Includes all Office products and versions
- Adobe Creative Suite - Groups all Adobe creative applications
- Database Servers - Contains Oracle, SQL Server, PostgreSQL, etc.
- Security Software - Antivirus, firewall, and encryption tools
Software Products
The actual software titles available in the market:
- Specific product names (e.g., "Microsoft Excel", "Adobe Photoshop")
- Version-independent product definitions
- Vendor-specific product catalogs
- License models and pricing structures
Software Instances
Actual installations discovered on your infrastructure:
- Specific versions installed on devices
- Installation dates and locations
- Configuration details
- Usage patterns and last access times
Software Discovery Process
NopeSight automatically discovers software through multiple methods:
-
Agent-Based Discovery
- Scans Windows registry and program files
- Queries Linux package managers
- Identifies running processes and services
- Captures version and configuration details
-
AI-Powered Normalization
- Standardizes different naming variations
- Maps discovered software to the global catalog
- Identifies software families automatically
- Detects bundled and OEM software
-
Automatic Classification
- Categorizes software by type (OS, Database, Utility, etc.)
- Determines licensing models
- Identifies critical vs. non-critical software
- Maps to security vulnerability databases
Software Inventory Dashboard
The Software Inventory interface provides:
-
Real-time Statistics
- Total software items in your environment
- Number of software families
- Unique vendors
- Total installations across infrastructure
-
Advanced Filtering
- Filter by software family, vendor, or category
- View specific CI types (Family, Product, Instance)
- Search by name, version, or status
- Export filtered results to CSV
-
Installation Tracking
- See how many devices have each software installed
- Identify most and least deployed software
- Track installation trends over time
- Monitor unauthorized software
Global Software Catalog
What is the Software Catalog?
The Global Software Catalog is your organization's master reference for all approved and known software:
- Vendor Catalogs - Official software listings from major vendors
- Internal Standards - Your organization's approved software list
- License Definitions - Standard license types and terms
- Compliance Rules - Automated compliance checking rules
Catalog Features
Automated Catalog Updates
- Regular updates from vendor sources
- New version detection
- End-of-life notifications
- Security advisory integration
Software Standardization
- Define preferred software for each category
- Set organization-wide standards
- Create exception policies
- Track non-standard software
Cost Management
- Track software costs and pricing models
- Monitor subscription renewals
- Identify cost-saving opportunities
- Budget planning and forecasting
License Management
License Types Supported
NopeSight supports all common licensing models:
Per Device Licensing
- One license per device/machine
- Virtual machines count separately
- Common for desktop software and server CALs
Per User Licensing
- One license per named user
- User can access from multiple devices
- Typical for SaaS and cloud applications
Per Core/Processor Licensing
- Based on server hardware specifications
- May have minimum requirements
- Common for database and middleware
Concurrent User Licensing
- Limited simultaneous users
- Requires usage monitoring
- Typical for specialized applications
Site/Enterprise Licensing
- Unlimited use within organization
- May have geographical restrictions
- Often includes maintenance and support
Subscription Licensing
- Time-based access rights
- Recurring payment model
- May include updates and support
License Compliance
Compliance Dashboard
Monitor your license position in real-time:
- Compliant - Sufficient licenses for installations
- Over-licensed - Excess licenses available
- Under-licensed - Compliance risk areas
- Unknown - Requires investigation
Automated Compliance Checking
- Continuous monitoring of installations vs. entitlements
- Risk assessment and financial impact calculation
- Proactive alerts for compliance issues
- Vendor audit preparation tools
True-Up Management
- Track license shortfalls and surpluses
- Calculate true-up costs
- Plan for renewal negotiations
- Historical compliance tracking
AI-Powered Intelligence
Software Recognition
Our AI automatically:
- Identifies software from discovery data
- Normalizes naming variations
- Classifies into appropriate categories
- Maps to vulnerability databases
- Suggests optimization opportunities
Relationship Discovery
AI analyzes your environment to find:
- Software dependencies
- Integration points
- Business service components
- Impact relationships
- Redundant installations
Predictive Analytics
- License requirement forecasting
- End-of-life planning
- Cost optimization recommendations
- Security risk assessment
Maintenance and Optimization
Automated Maintenance Tasks
Installation Count Updates
- Automatically calculates software deployment numbers
- Updates installation metrics across all software instances
- Runs as background job without system impact
- Provides detailed completion reports
Software Cleanup
- Identifies unused software
- Detects duplicate installations
- Finds outdated versions
- Suggests removal candidates
Optimization Recommendations
The system provides actionable insights for:
License Optimization
- Harvest unused licenses
- Reallocate underutilized licenses
- Identify consolidation opportunities
- Negotiate better terms based on usage
Standardization Opportunities
- Reduce software sprawl
- Consolidate similar tools
- Establish preferred vendors
- Simplify support requirements
Cost Reduction
- Eliminate redundant software
- Right-size license purchases
- Convert to more economical models
- Leverage volume discounts
Reporting and Analytics
Standard Reports
Software Inventory Report
- Complete listing of all software
- Installation counts by product
- Version distribution analysis
- Vendor breakdown
License Compliance Report
- Compliance status by product
- Risk assessment summary
- Financial exposure calculation
- Remediation recommendations
Software Spend Analysis
- Cost by vendor and category
- Department cost allocation
- Trend analysis over time
- ROI calculations
Audit Readiness Report
- Documentation completeness
- Compliance position summary
- Exception documentation
- Historical compliance trends
Custom Analytics
Create custom reports for:
- Executive dashboards
- Department-specific views
- Vendor management meetings
- Budget planning sessions
Best Practices
Discovery Configuration
✅ Enable comprehensive scanning - Configure agents for deep software discovery
✅ Schedule regular scans - Daily incremental, weekly full scans
✅ Monitor coverage - Ensure all devices are being scanned
✅ Update signatures - Keep software detection patterns current
License Management
✅ Centralize license records - Maintain single source of truth
✅ Regular reconciliation - Monthly compliance checks
✅ Document exceptions - Track temporary and special licenses
✅ Plan renewals - 90-day advance renewal planning
Compliance Maintenance
✅ Continuous monitoring - Real-time compliance tracking
✅ Proactive remediation - Address issues before audits
✅ Audit trail - Maintain complete documentation
✅ Vendor communication - Regular license position reviews
Cost Optimization
✅ Usage analysis - Monthly utilization reviews
✅ License harvesting - Reclaim unused licenses
✅ Subscription review - Quarterly subscription assessment
✅ Alternative evaluation - Consider open-source options
CPE/NVD Integration for Vulnerability Management
Overview
NopeSight integrates with the National Vulnerability Database (NVD) using Common Platform Enumeration (CPE) identifiers to provide real-time vulnerability tracking for all software in your environment. This integration enables proactive security management by automatically identifying vulnerable software and tracking CVEs (Common Vulnerabilities and Exposures).
What is CPE?
Common Platform Enumeration (CPE) is a standardized method of describing and identifying software applications, operating systems, and hardware devices. CPE provides:
- Unique Identifiers - Each software version has a specific CPE name
- Structured Format -
cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other - NVD Integration - Direct mapping to vulnerability databases
- Industry Standard - Used by security tools worldwide
Automatic CPE Matching
Discovery Process
NopeSight automatically assigns CPE identifiers to software:
- Software Discovery - Agents collect software information
- Catalog Matching - Software mapped to catalog entries
- CPE Search - NVD API queried for matching CPE
- Confidence Scoring - Match quality evaluated (0-100%)
- Vulnerability Check - CVEs retrieved for matched CPE
Matching Strategies
Multiple strategies ensure accurate CPE assignment:
- Exact Match (100%) - Perfect vendor, product, and version match
- Version Match (90%) - Vendor and product match with version variation
- Vendor-Product (80%) - Matches without specific version
- Name Search (70%) - Fuzzy matching based on software name
- Manual Assignment - Administrators can override with correct CPE
Vulnerability Visualization
Software Catalog Display
The software catalog shows vulnerability information at a glance:
- CPE Status Column - Shows if CPE is assigned with confidence percentage
- Vulnerability Badges - Color-coded counts for Critical/High/Medium/Low
- Match Confidence - Visual indicator of CPE match quality
- Quick Actions - View details or manually assign CPE
CPE & Vulnerabilities Tab
Detailed vulnerability information for each software:
-
CPE Information
- Full CPE name and components
- Match confidence and method
- NVD existence status
- Last vulnerability check date
-
Vulnerability Summary
- Count by severity level
- Total vulnerabilities
- Last update timestamp
- Visual severity indicators
-
Top CVEs Table
- CVE identifiers with links
- CVSS scores and severity
- Vulnerability descriptions
- Published dates
Background CPE Enrichment
Maintenance Task
"Enrich CPE Data for Software Catalog" automates CPE assignment:
- Batch Processing - Processes 50 entries at a time
- Rate Limiting - Respects NVD API limits (50 requests/30 seconds)
- Progress Tracking - Real-time updates via Redis queue
- Error Handling - Automatic retries with exponential backoff
- Scheduled Runs - Can be automated or run manually
Configuration
Access via Admin → CMDB AI Settings → Maintenance Tasks:
- Click "Run" on "Enrich CPE Data for Software Catalog"
- Monitor progress in task history
- Review results and statistics
- Schedule regular enrichment runs
API Integration
NVD API Configuration
Configure in environment variables:
NVD_API_KEY=your-api-key-here # Optional but recommended for higher rate limits
Rate Limits
- Without API Key: 5 requests per 30 seconds
- With API Key: 50 requests per 30 seconds
- Automatic Throttling: Built-in delays prevent rate limit violations
Security Benefits
Proactive Vulnerability Management
- Real-Time Alerts - Immediate notification of new vulnerabilities
- Risk Assessment - Prioritize patches based on CVSS scores
- Compliance Reporting - Document vulnerability remediation
- Attack Surface Reduction - Identify and remove vulnerable software
Integration with Security Tools
- SIEM Integration - Export vulnerability data to security platforms
- Ticketing Systems - Auto-create tickets for critical vulnerabilities
- Patch Management - Link vulnerabilities to patch deployment
- Risk Dashboards - Visualize organizational security posture
Software Policies (Blacklisting & Whitelisting)
Overview
Software policies enable organizations to control which software can be installed and used across their infrastructure. This powerful feature helps maintain security, compliance, and standardization by automatically detecting and responding to unauthorized software.
Policy Types
Blacklisting
Identify and prevent unauthorized or dangerous software:
- Security Risks - Software with known vulnerabilities
- Malware/Spyware - Confirmed malicious applications
- Compliance Violations - Software that violates regulatory requirements
- Unlicensed Software - Applications without proper licensing
- Deprecated Software - Obsolete or unsupported versions
- Performance Issues - Applications that degrade system performance
- Incompatible Software - Programs that conflict with critical systems
Whitelisting
Define approved software for your organization:
- Standard Applications - Organization-wide approved software
- Department-Specific - Software approved for specific teams
- Version Control - Approved versions of critical applications
- Vendor Standards - Preferred vendors and products
- Compliance Requirements - Mandated software for regulatory compliance
Policy Configuration
Creating Policies
Define comprehensive rules for software control:
Basic Settings:
- Software Selection - Choose from the global software catalog
- Policy Type - Set as blacklist or whitelist
- Severity Level - Critical, High, Medium, or Low
- Active Period - Permanent or time-limited policies
- Pattern Matching - Use wildcards for flexible matching
Actions and Responses:
- Alert - Send notifications to administrators
- Block Installation - Prevent new installations
- Quarantine - Isolate detected software
- Uninstall - Schedule automatic removal
- Monitor - Track usage without intervention
Notification Settings:
- Email alerts to security teams
- Slack channel notifications
- Webhook integrations
- Custom notification templates
Exception Management
Adding Exceptions
Grant temporary or permanent exceptions for specific devices:
- Device-Specific - Allow blacklisted software on specific servers
- Time-Limited - Temporary exceptions with expiration dates
- Business Justification - Document reasons for exceptions
- Approval Workflow - Require management approval
- Audit Trail - Track all exception changes
Common Exception Scenarios
- Legacy applications required for specific processes
- Developer tools needed for testing
- Vendor-specific software for support
- Temporary software for migrations
- Specialized tools for specific projects
Compliance Integration
Regulatory Frameworks
Link policies to compliance requirements:
- SOX (Sarbanes-Oxley) - Financial software controls
- HIPAA - Healthcare data protection requirements
- PCI-DSS - Payment card industry standards
- GDPR - Data privacy regulations
- ISO 27001 - Information security standards
Audit Support
Comprehensive documentation for compliance audits:
- Policy creation and modification history
- Detection and remediation records
- Exception approvals and justifications
- Compliance status reports
- Evidence collection for auditors
Detection and Enforcement
Automatic Detection
Continuous monitoring for policy violations:
- Real-Time Scanning - Immediate detection during discovery
- Scheduled Checks - Regular policy compliance verification
- Installation Monitoring - Detect new software installations
- Version Tracking - Identify outdated or vulnerable versions
Enforcement Actions
Automated responses to policy violations:
- Immediate Alerts - Instant notification of violations
- Remediation Tasks - Automatic ticket creation
- Access Restrictions - Limit user permissions
- Network Isolation - Quarantine affected systems
- Scheduled Removal - Plan software uninstallation
Statistics and Reporting
Detection Analytics
Track policy effectiveness:
- Total detections by policy
- Most frequently detected violations
- Affected devices and departments
- Trend analysis over time
- Exception usage patterns
Compliance Reports
Generate comprehensive compliance documentation:
- Executive Summary - High-level policy compliance status
- Detailed Violations - Complete list of policy breaches
- Remediation Progress - Status of corrective actions
- Exception Report - Active exceptions and justifications
- Audit History - Complete policy enforcement records
Best Practices
Policy Creation
✅ Start with critical risks - Focus on known security threats first
✅ Involve stakeholders - Get input from IT, security, and business teams
✅ Test before enforcement - Run in monitor mode before blocking
✅ Document everything - Maintain clear policy documentation
✅ Regular reviews - Update policies based on new threats
Exception Management
✅ Minimize exceptions - Keep exceptions to absolute minimum
✅ Time-limit exceptions - Set expiration dates when possible
✅ Document justification - Require business reasons for all exceptions
✅ Regular audits - Review exceptions quarterly
✅ Risk assessment - Evaluate security impact of exceptions
Enforcement Strategy
✅ Phased rollout - Implement policies gradually
✅ Clear communication - Inform users about policies
✅ Grace periods - Allow time for compliance before enforcement
✅ Alternative solutions - Provide approved alternatives
✅ Incident response - Have clear escalation procedures
Integration with Discovery
Software policies work seamlessly with the discovery system:
- Automatic Checking - Every discovered software is checked against policies
- Immediate Detection - Policy violations identified during scans
- Relationship Mapping - Understand impact of software removal
- Dependency Analysis - Identify critical software dependencies
- Risk Assessment - Evaluate security implications
Use Cases
Security Management
- Block known vulnerable software versions
- Prevent installation of unauthorized tools
- Detect and remove malware
- Control remote access applications
- Restrict file-sharing software
License Compliance
- Prevent unlicensed software usage
- Control software sprawl
- Enforce vendor agreements
- Manage trial software
- Track license violations
Standardization
- Enforce approved software lists
- Maintain consistent environments
- Control shadow IT
- Standardize tool usage
- Simplify support requirements
Integration Capabilities
ServiceNow Integration
- Sync software catalog
- Share license information
- Update CMDB records
- Automate workflows
- Export policy violations
Procurement Systems
- Purchase order tracking
- Contract management
- Vendor information sync
- Renewal automation
- License compliance verification
Financial Systems
- Cost allocation
- Budget tracking
- Chargeback reporting
- Depreciation calculation
- Software spend analysis
Security Tools
- Vulnerability mapping
- Patch status tracking
- Security compliance
- Risk scoring
- Threat intelligence integration
Getting Started
Initial Setup
- Configure Discovery - Set up discovery agents and schedules
- Import Licenses - Load existing license agreements
- Define Standards - Establish software standards and policies
- Enable AI Features - Activate AI-powered normalization and classification
Quick Wins
- Identify unused software - Quick ROI from license harvesting
- Standardize common tools - Reduce complexity and costs
- Automate compliance - Eliminate manual tracking
- Enable reporting - Provide visibility to stakeholders
Ongoing Management
- Review AI-generated insights weekly
- Update license records monthly
- Conduct compliance reviews quarterly
- Plan strategic optimization annually
Related Documentation
- 📖 CI Management - Managing configuration items
- 📖 Discovery Agents - Configuring discovery
- 📖 Compliance Reporting - Compliance reports
- 📖 AI Features - AI capabilities