OT-BASE Asset Center automatically downloads vulnerability information and product metadata if configured to do so.
Security information downloads
For automatic CVE downloads from NIST (nvd.nist.gov) you have to activate the download function and also specify a time of day as well as the desired download interval (daily, every other day, every five days). When you have made your selection click on Save to save your settings. -- If you have checked this box, OT-BASE will also download KEV data from cisa.gov. KEV data inform you for which vulnerabilities there are known exploits.
If you also check "Security update information from microsoft.com" OT-BASE will also download security patch data from Microsoft. This enables OT-BASE to determine if a particular vulnerability is already fixed for a given device.
Product metadata downloads
Automatic product data updates include product catalog descriptions, product lifecycle information, information about current firmware version, and more. When activated, OT-BASE Asset Center will download curated product metadata from metadata.ot-base.com once per week.
In order to assure that metadata for your installed products are provided, you must check the box labeled "Upload product catalog to Langner". If you don't check the box, you may not get full coverage for your products. The upload only contains product names and installation numbers. Installation numbers help Langner to identify vendors products that are installed in substantial numbers and therefore warrant more effort for metadata collection.
Please sign in to leave a comment.