09-27-2018 08:01 AM
My question is how does SNTC match CVEs to a device. Is it simply the device's code version and/or model of the device? CVEs normally list the code version that is vulnerable to an attack on something that is running on the device, such as SNMP for example. They give commands to run to see if you are running the process that is compromised. I would like to know if we turn on CLI collection in the CSPC, will it be able to figure out that we ARE NOT running the compromised process on a device and in return remove the CVE from the device in the SNTC portal? My problem is we get a lot of false positives with CVE vulnerabilities on devices because I think the portal is simply matching on device and/or code version (hence my original question). I end up running manual processes on devices to show that the device is indeed not running the compromised process. I would like to show a clean CVE audit report to my security team, but I can't if the CVEs keep showing up for devices that are not really compromised by the vulnerability. I also don't want to do knee-jerk reactive upgrades to switch code when I don't have to, simply to get the CVE off the list when it wasn't compromised in the first place. Thanks in advance to anyone who can clear this up for me or has other ideas about the CVEs.
09-27-2018 08:09 AM
The minimum matching is based on SW Type (i.e. IOS, IOS-XE, etc.) and SW Version. But additionally, where applicable, the matching can be on a "feature" from the running configuration, the image name (for IOS), the Chassis PID, the Module PIDs or, in the case of IOS XR, the SMUs installed. Other CLI output besides the running configuration is not currently checked today, but is planned for in the future.
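An added illustration (not SNTC's or CSPC's own code) of why version-only matching produces the false positives the question describes, and how the running-configuration "feature" check from this answer clears them. The CVE id, software versions, PIDs and config lines below are constructed placeholders, not real advisory data.

```python
"""Constructed demo: CVE-to-device matching with and without a feature check."""
import re
from dataclasses import dataclass, field


@dataclass
class Device:
    hostname: str
    sw_type: str            # e.g. "IOS", "IOS-XE", "IOS-XR"
    sw_version: str
    running_config: str     # text of "show running-config" (needs CLI collection)
    chassis_pid: str = ""
    smus: set = field(default_factory=set)   # IOS XR only


@dataclass
class Advisory:
    cve_id: str
    sw_type: str
    affected_versions: set
    feature_regex: str = ""      # config line that must exist for exposure
    chassis_pids: set = field(default_factory=set)
    fixing_smus: set = field(default_factory=set)


def version_only_match(dev, adv):
    """The coarse check: type + version only (what the asker suspects is used)."""
    return dev.sw_type == adv.sw_type and dev.sw_version in adv.affected_versions


def feature_aware_match(dev, adv):
    """Type/version first, then PID, SMU and running-config feature qualifiers."""
    if not version_only_match(dev, adv):
        return False, "software type/version not affected"
    if adv.chassis_pids and dev.chassis_pid not in adv.chassis_pids:
        return False, "chassis PID not affected"
    if adv.fixing_smus & dev.smus:
        return False, "fixing SMU installed"
    if adv.feature_regex and not re.search(adv.feature_regex, dev.running_config, re.M):
        return False, "vulnerable feature not in running config"
    return True, "affected version and exposing feature both present"


# Constructed sample data: a placeholder SNMP advisory and two devices.
ADVISORY = Advisory("CVE-0000-PLACEHOLDER", "IOS", {"15.2(4)E"},
                    feature_regex=r"^snmp-server community ", chassis_pids={"WS-C2960X-48"})
DEVICES = [
    Device("sw-a", "IOS", "15.2(4)E", "hostname sw-a\nsnmp-server community public RO\n", "WS-C2960X-48"),
    Device("sw-b", "IOS", "15.2(4)E", "hostname sw-b\nno snmp-server\n", "WS-C2960X-48"),
]


def audit(devices=DEVICES, adv=ADVISORY):
    """Map hostname -> (version-only verdict, feature-aware verdict, reason)."""
    return {d.hostname: (version_only_match(d, adv), *feature_aware_match(d, adv)) for d in devices}
```

With the running config collected, sw-b drops off the list for this advisory, whereas the version-only check flags both switches.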
09-27-2018 01:08 PM
That's exactly what I am looking for. I will need to enable CLI discovery then. I only have SNMP turned on.