Updating information about Common Vulnerabilities and Exposures (CVE)
Available from 9.2.12. Common Vulnerabilities and Exposures (CVE) list is integrated with the software catalog and updated with each upgrade of BigFix Inventory. Use this procedure if you require more frequent updates.
Before you begin
- You must have access to the computer where the BigFix Inventory server is installed with permissions to paste files into the installation directory of BigFix Inventory.
- To perform the described actions, you must have the following tools installed:
- GNU Wget
- unzip tool
- sha256sum
About this task
CVE contains a list of known security threats that are assigned identification numbers. Thanks to the import of CVE to BigFix Inventory, you can browse your software inventory and identify potential threats in your environment.
Information about CVE is automatically updated during every upgrade of BigFix Inventory. Use this procedure if you require to
update CVE between the subsequent releases of BigFix Inventory.
Note: The procedure describes how to
update CVE files with a semi-automated method. Alternatively, you can perform each step
manually.
Procedure
-
To download the zip CVE files, including json files
and the relevant meta files from the National
Vulnerability Database, run the following command.
wget --secure-protocol=auto -r -A nvdcve-1.0-20*.meta,nvdcve-1.0-20*.json.zip https://nvd.nist.gov/vuln/data-feeds
The files are downloaded to the following location: nvd.nist.gov/feeds/json/cve/1.0.Important: Do not change names of the downloaded files. - Optional:
Ensure that you downloaded the appropriate files.
-
Copy all zip CVE files to the following directory on the computer where
the BigFix Inventory server is installed:
- installation_directory/cve_data
- installation_directory\cve_data
- Wait for the scheduled import of data or run it manually.