Remediation Targets
A remediation target is the concrete thing that needs fixing on a specific endpoint. While a remediation subject is abstract (“Google Chrome”), a target is specific: “Chrome 119 on Jake’s laptop, installed at /Applications/Google Chrome.app, manageable via Homebrew.” Targets are what Furl actually remediates.
How targets are produced
Section titled “How targets are produced”Targets come from a four-step identification pipeline that turns raw scanner data into something actionable.
1. Parse
Section titled “1. Parse”Raw scanner data (CPE strings, product names, version numbers) is extracted and normalized. Each scanner reports software differently — this step standardizes the format.
2. Identify
Section titled “2. Identify”The normalized data is matched to a remediation subject using the subject matching pipeline (CPE match, name match, alias match). This step answers: “what software is this?“
3. Operationalize
Section titled “3. Operationalize”Furl figures out how to actually remediate this target on this specific endpoint:
- Install path — where the software lives on the device
- Package manager — whether it can be managed via apt, Chocolatey, Homebrew, etc.
- Discovery method — how the install path and manager were determined
Discovery happens in tiers, escalating only when needed:
| Tier | Method | Example |
|---|---|---|
| 1 | Passive lookup / telemetry | Check existing agent data or lookup tables |
| 2 | Targeted query | Run a query on the endpoint via the agent |
| 3 | Operator | Use the AI operator to investigate |
4. Match
Section titled “4. Match”The target is matched to its subject and available strategies. Once matched, the target is actionable — it can be picked up by a remediation scope and remediated.
Target types
Section titled “Target types”| Type | Examples | How it’s fixed |
|---|---|---|
| Software | Chrome, Python, Log4j | Update, patch, or uninstall |
| OS Patch | Windows KB updates | Install the patch |
| Configuration | Registry keys, TLS settings | Modify the value |
| Service | SMBv1, SSH | Enable, disable, or configure |
Target validation
Section titled “Target validation”Before a target is remediated, Furl can validate it — sending a probe to the endpoint to confirm the software is actually present at the reported version. This prevents wasted remediation attempts on stale scanner data.
Validation probes include installed software version checks, file existence checks, browser version checks, Windows hotfix checks, registry key checks, and more.
| Validation status | Meaning |
|---|---|
| Unconfirmed | Not yet validated |
| Agent confirmed | The Furl agent confirmed the target exists |
| User confirmed | A human confirmed the target exists |
| Validating | Validation probe in progress |
Deduplication
Section titled “Deduplication”Targets are deduplicated by endpoint + type + product + vendor. When multiple scanners report the same software on the same device, you get one target — not duplicates per source.
Related
Section titled “Related”- Remediation Subjects — the abstract definition a target maps to
- Findings — multiple findings can link to one target
- Remediation Scopes — scopes match targets and dispatch remediation
- Remediation Strategies — strategies become available once a target is matched to a subject