OTbase Inventory is an on-premise software product, but it requires some data from the Internet in order to be fully functional. This data is needed for vulnerability management and for obsolescence management.
On the Maintenance page, navigate to the Metadata tab.
In the CVE import settings, check the boxes to automatically download vulnerability information from NIST, CISA, and Microsoft.
In the Product Data Update area, check the box to download product information from Langner.com. This product information includes product catalog descriptions, product lifecycle status, and current firmware version.
Checking the Upload Product Catalog to Langner box will upload the information that you see in INVENTORY/DEVICES/Products to Langner, which then will act a seed to collect product catalog information for which there presently is nothing in our product database. If you don't check this box, you will most likely experience products without catalog descriptions and obsolescence information.
Required web access
In order for OTbase Inventory to be able to pull metadata, you must make sure that the following URLs are accessible via HTTPS from the host where Inventory is running:
URL | Purpose |
---|---|
https://services.nvd.nist.gov/rest/json/cves/2.0/ | Pulls CVE data from NIST |
https://www.cisa.gov/.../known_exploited_vulnerabilities.json | Pulls KEV data from CISA |
https://api.msrc.microsoft.com/updates https://api.msrc.microsoft.com/cvrf | Pulls patch data from Microsoft |
https://metadata-us.ot-base.com | Pulls product metadata from Langner (US server) |
https://metadata.ot-base.com | Pulls product metadata from Langner (European server) |
Comments
0 comments
Please sign in to leave a comment.