01
Project Overview
Introduction
01
Inherited Unmanaged Console
→
02
Established Security Baselines
→
03
Prioritized Critical Remediation
→
04
Developed Remediation Scripts
→
05
Validated Automation Results
Project Overview · 5 Stages
01 / 12
02
Windows Automation
Architecture
🗂
Scalable Group Structures
DxeDot S1 Deployment · Siem Log Shipper · Vulnerability Management · CX Compliance
📋
Centralized Script Repository
CVE-2021-26875 · CVE-2022-24474 · CVE-2022-37986 · CVE-2022-41058
⚙️
Automated Remediation Workflows
Peer Review → First Review & Approval → Controlled Testing
📊
Consistent Policy Enforcement
Total Remediation Totals — Down 109, Down 29, Down 6282…
Windows Automation · 4 Pillars
02 / 12
03
IaC & Provisioning
Infrastructure
1
Automated Group Provisioning
Automated assignment of agents and clients to the correct group hierarchy.
2
Security Baselines & Windows Patching
Standardized patch policies and CIS-aligned security configurations across all systems.
3
Version Control
Script changes tracked with peer review and approval gates before deployment.
4
Controlled Provisioning
Scheduled, role-based execution ensuring consistent and predictable deployment outcomes.
IaC & Provisioning · 4-Step Staircase
03 / 12
04
Automated Group Provisioning
Configuration
🏢 Client Level
Habitat PatchMatic
Habitat MS Safety Scans
Habitat Local Administrators Group Monitor
Habitat Windows Backup
Habitat Windows Registry
Red Flag
✅ Production — Vuln Scanning and Maint.
☐ Onboarding — Vuln Scanning
📍 Location Level
Dallas Data Center · LocationID: 678
Habitat Wifi Scanner
Default: eDot Contract Client · eDot Custom Patching
☐ Exclude From Vul Scanning
☐ Update Java
✅ Remove Java
☐ Vuln Scanning
🤖 Agent Level
Dallas Data Center / 11L2258
Idle Time: Active
eDot Vulnerability Management
Do not remove JAVA
☐ Exclude From Vul Scanning
Custom Patching
Patch Management
3-Tier Hierarchy · Client / Location / Agent
04 / 12
05
Configuration Enforcement
Implementation
📁 Provisioning
Established the folder hierarchy and logical group structure. Each group tier inherits the correct baseline policies and script schedules.
⚙️ Implementation
Built on that foundation by using fixed schedules and role-based hierarchy. Scripts are targeted precisely using group inheritance and subgroup inclusion.
📂 Script Repository — 28 Scripts
📁 vulnerability-mitigation /
📁 CVE Remediations /
🔧 Microsoft
🔧 No Reboot Required CVE Remediations
🔧 Third party applications
📁 eDot Generally Useful
📁 FSRM Crypto/Ransomware Protection
📁 Examples / Zabbix/Grafana
📁 _00 - Old Scripts
Configuration Enforcement · Provisioning + Implementation
05 / 12
06
Windows Patching
Compliance
93%
Overall Compliance
225
Daytime Patching
332
Pending Reboot
13
WSUS Enabled
Severity Compliance
100%
Critical
98%
Important
99%
Moderate
100%
Low
96%
Unspecified
CVSS Compliance
100%
High
100%
Medium
97%
Low
Windows Patching · Approval + Update + Reboot Policies
06 / 12
07
Established a Secure Baseline
Vulnerability Management
72,454
Starting Vulnerabilities
March 2024 Patch Progress
Total (excl. Offline >30d)1995
% of Online Devices Patched68%
Installed1302
Missing649
Offline >30 Days139
End of Life OS11
Grand Total2323
January 2025 Patch Status
Grand Total2435
Jan Online Devices Patched93%
🔴Starting Point: 72,454 Vulnerabilities Identified. The environment lacked documented standards or structure.
⚡Immediate stabilization was critical. No existing remediation processes or baseline policies were in place.
🪟Windows Patching was baselined together to ensure stable, accurate vulnerability data going forward.
📋
Multi-client vulnerability data (7/9/2024):
Chicago Sinak · DuPage Senior · Friedman Seating · Robber Inc
Total vulns spanned Critical / High / Medium / Low / Unknown
Secure Baseline · March 2024 → January 2025
07 / 12
08
Script Lifecycle & Version Control
Process
📋
Step 1
Define Requirements
💻
Step 2
Develop & Document
👥
Step 3
Peer Review & Approval
🧪
Step 4
Controlled Testing
🔒
Step 5
Critical Software Validation
✅
Step 6
Final Review & Approval
🚀
Step 7
Staggered Deployment
📡
Step 8
Post-Deployment Monitoring
Script Lifecycle · 8-Stage Pipeline with Feedback Loop
08 / 12
09
Controlled Provisioning
Automation
🕐
Fixed-Schedule Execution
Provisioning scripts run on fixed schedules to ensure consistent execution across all endpoints.
🔒
CIS-Compliant Automation
Automation maintains CIS-compliant configurations across all maintenance-phase systems.
// Scheduled Script Example — Microsoft CVE Remediations
CVE-2023-28260 .NET DLL Hijacking
17:30:22
Mon, Wed, Fri
CVE-2022-41058 W7 Denial…
18:00:00
Daily
CVE-2022-37986 Elevation of P…
08:15:00
Weekly
Schedule Options
● Once
○ Minute
○ Hourly
○ Daily
○ Weekly
○ Monthly
Controlled Provisioning · CIS Aligned · Scheduled
09 / 12
10
Cybersecurity Considerations
Analysis
🔍 Identified data integrity issues in ASIO vulnerability scans producing inaccurate results.
🔄 Cross-validated ASIO findings with Automate console data and manual checks for accuracy.
📈 Analyzed 60-day trending drift (Sept–Oct baselines) to assess true client security posture.
Vulnerability Trend · Jan → Nov (Sum by Severity)
Jan
Feb
Jul
Aug
Sep
Oct
Nov
Unknown
Low
Medium
High
Critical
Cybersecurity · ASIO Data Integrity · 60-Day Drift Analysis
10 / 12
11
Collaboration and Coordination
Cross-Team
1
Identified scanner drift and data discrepancies between ASIO and Automate.
2
Initiated cross-team communication to validate and correct results.
3
Documented findings and escalations to ensure visibility and accountability.
4
Turned isolation into structured collaboration through transparency and follow-up.
Inbox — Security Coordination
M. Krawczyk
M. Gould
RE: ACTION REQUIRED: ConnectWise Case #02873963
Tue 5/20/25
M. Krawczyk
Product Support
RE: ACTION REQUIRED: ConnectWise Case #02873963
Mon 5/12/25
M. Krawczyk
Support
RE: ACTION REQUIRED: ConnectWise Case #02873963
Mon 5/12/25
M. Krawczyk
Elite Gilder
RE: ConnectWise Case #03494024 Received Now
Tue 2/5/25
M. Krawczyk
Security Partner
RE: Ticket# 3386010 RE: ConnectWise Case #02570899
Thu 2/20/25
M. Krawczyk
R.Reisec · M.Gou
RE: CX/eDot: Automate & PS4 Migration Kick-off
Thu 1/9/25
M. Krawczyk
S. Behring
Request for Escalation and Assistance with ASIO
Wed 8/28/24
Collaboration · ASIO Discrepancies · Escalation Trail
11 / 12
12
Outcomes & Challenges
Results
🏚️
Inherited an outdated RMM console and inconsistent ASIO scan data, requiring complete overhaul and manual validation.
💪
Operated with minimal direction and vendor support, driving progress independently through self-audits and persistence.
🤖
Developed structured remediation processes, automating validated fixes and improving data integrity across all clients.
🏆
Transformed a disorganized, failing program into a consistent, measurable vulnerability management framework.
Outcomes & Challenges · 4 Key Results
12 / 12