The vulnerability management workflow included in OTbase allows you to match your installed base against known (published) vulnerabilities. In order to do that, vulnerability information from NIST must be imported. Such information is publicly available on the NIST web site.
Automatic CVE import
Note: The following setting only applies for the on-premise version of OTbase Inventory. In the SaaS version, CVEs are imported automatically by default.
CVEs can be imported automatically if the hosting environment for OTbase Inventory allows for an outgoing Internet connection to the NIST CVE database.
In order to activate CVE auto-import you must go to the MAINTENANCE page and select the Metadata tab.
In the CVE auto import settings section, choose the desired update interval (daily, every other day, or every five days). You can also specify the time of day when the import is started, using 24-hour notation (for example, 3 p.m. would be 15:00). If you have used CVE manual import (see below), no automatic import is executed that same day, in order to preserve system resources.
In addition to downloading CVE data from nvd.nist.gov, OTbase also downloads KEV data from cisa.gov. This allows OTbase to expose vulnerabilities with known exploits.
You can check the result of the auto-import in the log area. Also, below the log area is a breakdown of how many CVEs are in the OTbase database for the various calendar years.
Testing CVE auto-import, and doing an initial load of CVEs
You can test the auto-import by clicking the Import Now button. This will initiate the import of CVEs and also the assignment of any new CPEs and CVEs to the product database in Asset Center. This operation can take a long time (several hours), so don't worry if you don't see an immediate success message. If you don't want to wait for the operation to finish, simply log off and check the Log output in your next Asset Center session.
The Import Now function also checks if you have already loaded CVEs of previous years, and automatically imports them if you haven't.
Importing Microsoft Security Update information
CVEs as downloaded from NIST don't tell you if a given CVE is already patched on your computers. That's bad -- because at the end of the day you want to know about any unpatched vulnerabilities, and not necessarily about vulnerabilities that in principle affect your systems. In order to close the gap we need patch data as provided by Microsoft's Security Update Guide API (SUGAPI). OTbase can download this data automatically for you if you check the appropriate box.
In order to join CVE data with patch data, both data sets are post-processed. This is done automatically after all imports have been successfully completed. If you have selected a longer download interval, let's say five days, and want to check vulnerability status before the next download is scheduled, you can manually trigger the post-processing with the button "Post-process now".
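The join described above, together with the KEV flag from the auto-import section, as an added example that is not OTbase's implementation: it reports only CVEs for which no remediating update is installed and lists known-exploited ones first. The record layout, host names, CVE ids and KB ids are constructed placeholders, and representing patches as KB ids is an assumption.

```python
# Constructed sample data. Field names, CVE ids and KB ids are simplified
# placeholders, not the NVD, CISA KEV or MSRC schemas.
CVES = [  # CVEs already matched to products in the installed base
    {"id": "CVE-0000-0001", "product": "windows_10"},
    {"id": "CVE-0000-0002", "product": "windows_10"},
    {"id": "CVE-0000-0003", "product": "windows_server_2019"},
    {"id": "CVE-0000-0004", "product": "windows_10"},  # no patch data yet
]
KEV = {"CVE-0000-0002", "CVE-0000-0003"}  # CVE ids listed as known exploited
PATCHES = {  # CVE id -> updates that remediate it (any one is sufficient)
    "CVE-0000-0001": {"KB0000001"},
    "CVE-0000-0002": {"KB0000002", "KB0000003"},
    "CVE-0000-0003": {"KB0000004"},
}
HOSTS = {
    "hmi-01": {"product": "windows_10", "installed": {"KB0000001"}},
    "eng-ws-02": {"product": "windows_10", "installed": {"KB0000001", "KB0000003"}},
    "hist-03": {"product": "windows_server_2019", "installed": set()},
}


def open_findings(hosts, cves, patches, kev):
    """Return unpatched CVEs per host, known-exploited ones first."""
    findings = []
    for host, info in hosts.items():
        for cve in cves:
            if cve["product"] != info["product"]:
                continue  # CVE does not apply to this host's product
            fixes = patches.get(cve["id"], set())
            if fixes & info["installed"]:
                continue  # a remediating update is installed: not reported
            findings.append({
                "host": host,
                "cve": cve["id"],
                "known_exploited": cve["id"] in kev,
                "patch_available": bool(fixes),
            })
    # KEV-listed findings sort first, then by host and CVE id
    findings.sort(key=lambda f: (not f["known_exploited"], f["host"], f["cve"]))
    return findings


if __name__ == "__main__":
    for f in open_findings(HOSTS, CVES, PATCHES, KEV):
        print(f)
```

A CVE without any patch data stays in the result with `patch_available` set to false, so it is not mistaken for a patched one.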
Required web access
In order for OTbase Inventory to be able to pull metadata, you must make sure that the following URLs are accessible via HTTPS from the host where Inventory is running:
URL | Purpose |
---|---|
https://services.nvd.nist.gov/rest/json/cves/2.0/ | Pulls CVE data from NIST |
https://www.cisa.gov/.../known_exploited_vulnerabilities.json | Pulls KEV data from CISA |
https://api.msrc.microsoft.com/updates, https://api.msrc.microsoft.com/cvrf | Pulls patch data from Microsoft |