-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Compare NetBox inventory with database of known vulnerabilities #134
Comments
@piercema suggests looking into Common Platform Enumeration (see also NIST and nmap.org) as a way to store the information about platforms of the devices in the inventory. I think that's a great idea. As to where to store the information on a per-device basis, platform seems to make the most sense, if there is a place for it there. If not, creating a custom field type that either belongs to platform or belongs to devices/VMs seems like the way to go. If we can come up with the way to consistently store platform information with the devices we can reproducibly check it against a vulnerability database like CSAF. |
Although as indicated here (nmap.org), a CPE name is definable as a URL of sorts that looks like |
Sorry, I don't. CPE has some severe issues (e.g. look at the entries in the CPE dict for Siemens). I don't want to say that it doesn't work - in fact it works quite well for e.g. RedHat. So my question is: Is it just for storing data? Then, the format doesn't really matter. Is it for matching against an advisory? Well, then you should have the same identifier the vendor uses in its advisories... And this might not necessarily be CPE or the data used in CPE. Although the vendor/product_name/product_version can get you quite far. Happy to have a chat. |
Thanks for the reply @tschmidtb51, copying this from my email to you for tracking purposes:
|
For OS vulnerabilities you can use the wazuh api - piggyback on existing deployment OR add Wazuh to Malcolm - this would be a nice integration Pros : wazuh agents are easy to deploy, wazuh app has the requested data Cons : for large env. you do need proper/multi-node wazuh deployment |
As part of our collaboration with BSI-Bund (www.bsi.bund.de, github org), they are going to be taking over this development of this feature. Marking as external, will update this issue as their work continues. |
Kamino closed and cloned this issue to cisagov/Malcolm |
Feature-tracking issue dependent on #131
The text was updated successfully, but these errors were encountered: