
Managing security vulnerabilities

A security vulnerability is a report from a device vendor that advises you about the devices that have operating systems vulnerable to security threats. You can import a vendor's advisory or bulletin into TrueSight Network Automation by using a security vulnerability importer. The imported information is a summary of the full report. You need to consult the vendor's site for complete information. For information about security vulnerability importers, see Managing-security-vulnerability-importers.

The process of importing a security vulnerability report involves mapping of the reported vulnerable operating systems to the operating system version strings that are used by Network Automation and discovered from the live devices that Network Automation manages. After you import the security vulnerability, you can use it to create a compliance rule that reports a violation if a managed device is running a vulnerable operating system.

Network Automation is shipped with a canned set of security vulnerabilities that are derived from the following repositories:

  • Cisco's National Vulnerability Database (NVD) repository 
  • Juniper's NVD repository
  • Aruba's NVD repository
  • Extreme Networks' NVD repository
  • Hewlett Packard Enterprise (HPE) Aruba's NVD repository
  • Palo Alto's NVD repository
  • Cisco's Common Vulnerability Reporting Framework (CVRF) advisory repository (Deprecated)

    Note

    As of release 8.9.03, the canned CVRF database is no longer updated. The publicly available CVRF files from Cisco no longer contain detailed operating system version information, which renders these reports unsuitable for the purpose of rule creation and vulnerable device detection. Thus the canned database contains the last snapshot, taken on August 16, 2017, where operating system versions are still present. Reports published by Cisco after that date and containing the operating system versions are available from NVD instead.

These vulnerabilities are a snapshot of the available XML or JSON files that are captured prior to the product release date. Note that these device vendors update their advisories frequently. Therefore, BMC recommends that you import the updates regularly to keep the database current. Network Automation does not update security vulnerabilities during the software upgrade process. You might choose to import the shipped versions, which are included in the BNA_HOME\public\bmc\bca-networks\securityVulnerabilities directory.

Network Automation also ships with two canned rule sets: Vulnerable OS images reported in Cisco CVRF advisories and Vulnerable OS images reported in NVD advisories. Their rules enforce the canned security vulnerabilities that identify specific vulnerable operating system versions. Both rule sets are disabled by default; enable them only when you want to manage the violations they detect, and run the Compliance Summary report first to gauge how many violations to expect. Some canned security vulnerabilities have no associated rule because the advisory does not report any specific operating system versions; they are included for completeness, and you might want to develop your own rules to enforce them.
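As an added, constructed illustration (not TrueSight Network Automation code), the import-and-enforce flow described above: an advisory's reported vulnerable versions are mapped onto the version strings discovered from managed devices, a rule built from that mapping flags matching devices, and an advisory that names no versions yields no rule, like the canned vulnerabilities that ship without one. Advisory identifiers, device names and version strings are all assumed placeholders.

```python
# Added illustration, not TrueSight Network Automation code: a vendor advisory's vulnerable
# OS versions are mapped onto version strings discovered from managed devices, and a rule
# built from that mapping reports each device running a listed version. All data is constructed.
from dataclasses import dataclass

@dataclass
class Advisory:
    advisory_id: str            # constructed identifier, not a real advisory number
    vendor: str
    vulnerable_versions: tuple = ()   # empty when the advisory names no OS versions

@dataclass
class Device:
    name: str
    vendor: str
    os_version: str             # version string as discovered from the live device

def normalize(version: str) -> str:
    """Canonical form so '12.3 R9' (discovered) matches '12.3R9' (reported)."""
    return "".join(version.split()).lower()

def build_rule(advisory: Advisory):
    """Return a predicate flagging devices on a listed version, or None when the
    advisory lists none (mirrors canned vulnerabilities that ship without a rule)."""
    wanted = {normalize(v) for v in advisory.vulnerable_versions}
    if not wanted:
        return None
    return lambda d: d.vendor == advisory.vendor and normalize(d.os_version) in wanted

def check_compliance(advisories, devices):
    """Enforce every advisory that yields a rule; return (device, advisory_id) violations."""
    violations = []
    for adv in advisories:
        rule = build_rule(adv)
        if rule is None:
            continue        # not enforceable from the summary; consult the vendor's full report
        violations.extend((d.name, adv.advisory_id) for d in devices if rule(d))
    return violations

# Constructed sample advisories and device inventory.
ADVISORIES = [
    Advisory("EXAMPLE-001", "Cisco", ("15.2(4)M3", "15.4(3)M")),
    Advisory("EXAMPLE-002", "Juniper", ("12.3R9",)),
    Advisory("EXAMPLE-003", "Cisco"),                 # no versions reported: no rule
]
DEVICES = [
    Device("core-rtr-1", "Cisco", "15.2(4)M3"),
    Device("edge-rtr-2", "Cisco", "15.5(3)M"),
    Device("mx-1", "Juniper", "12.3 R9"),
]
```

Calling `check_compliance(ADVISORIES, DEVICES)` on the sample data reports the two devices whose discovered versions appear in an advisory, and the third advisory is skipped for lack of versions.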

The following topics describe how to import and view security vulnerabilities and how to associate rules with them:

Related topic

Managing-security-vulnerability-importers
