CVE Dashboard available

Definitely pointed in the right direction now. There was an issue with our reporting instance and a restart is all that was needed.

Thank you for the prompt reply!

-Matt

1 Like

@mmangan, thanks for the feedback, this will help me and others. Sounds like a restart reclaimed some resources.

First off, this report is an amazing help to my work processes. I was wondering if you have the schema for where the CVE data is stored in the database? I have a need to pivot the reporting data a bit in order to answer some additional questions, so going to the source would be optimal.
Thank you!

@josephdalton, Getting to the data is doable, but parsing and using them might be more difficult.
The data is stored as “Dashboard Variables” within the system.

You can get them via the REST API like this:

https://localhost:52311/api/dashboardvariable/CVEs.ojo/CVE2016

For the last parameter, the valid values are:

CVE2009
CVE2010
CVE2011
CVE2012
CVE2013
CVE2014
CVE2015
CVE2016
CVEComputers

The data is stored as XML, which is why it might be more difficult to use. Can you display the data and then use the csv or XLS export?

1 Like

Thank you so much, this is a big help.

Hello Lee,

I’m trying out your CVE Dashboard but keep running into the error below. The nvdcve-2.0-2016.xml.gz is downloaded and uncompressed but it seems like it doesn’t like the uncompressed file as indicated below.

I tried all of the command line options including -debug=yes but it always shows the same error.


Running bigfix_cve_util version: 1.3.0.0
Connected to BigFix Server successfully
Downloading GZ file: http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2016.xml.gz
Downloading completed
File name: nvdcve-2.0-2016.xml.gz, Size: 1.8MB
Decompressing file
Decompress completed
File name: C:\CVEDashboard\importer\nvdcve-2.0-2016.xml, Size: 31MB
Starting XML processing
Removed 10117 items of //vuln:vulnerable-configuration
Removed 6403 items of //vuln:vulnerable-software-list
Removed 29199 items of //vuln:references
Removed 6723 items of //vuln:last-modified-datetime
Removed 5607 items of //vuln:cwe
Removed 6403 items of //cvss:access-vector
Removed 6403 items of //cvss:access-complexity
Removed 6403 items of //cvss:authentication
Removed 6403 items of //cvss:confidentiality-impact
Removed 6403 items of //cvss:integrity-impact
Removed 6403 items of //cvss:availability-impact
Removed 6403 items of //cvss:source
Removed 6403 items of //cvss:generated-on-datetime
Removed 0 items of //vuln:assessment_check
Removed 0 items of //vuln:scanner
Processed 10 of 6723: CVE-2016-0002
Error: Length cannot be less than zero.
Parameter name: length

Thanks!

1 Like

@ttheierl, Ty, thanks for letting me know.

I just tried it and it works fine for me.
I am using version 1.4.0.0, which should not have made a difference because the new feature in 1.4.0.0 has to do with the ability to use local files.

In any case, this is the latest version:
https://leewei.com/bigfix/prod/cve/bigfix_cve_util.exe

The error you are seeing is just a local programming error which I am not expecting.
Can you please private message me? I would like to help you get through this error.

I am able to download 2017 and 2016, but when it tries to do 2015 the connection to the remote server fails.
We modified the port number to the api.

3/14/2017 2:45:50 PM - Running bigfix_cve_util version: 1.6.0.0
3/14/2017 2:45:50 PM - Connected to BigFix Server successfully
3/14/2017 2:45:50 PM - Downloading GZ file: http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2017.xml.gz
3/14/2017 2:45:51 PM - Downloading completed
3/14/2017 2:45:51 PM - File name: nvdcve-2.0-2017.xml.gz, Size: 178.5KB
3/14/2017 2:45:51 PM - Decompressing file
3/14/2017 2:45:51 PM - Decompress completed
3/14/2017 2:45:51 PM - File name: d:\Temp\CVEDashboard\importer\nvdcve-2.0-2017.xml, Size: 3MB
3/14/2017 2:45:51 PM - Starting XML processing
3/14/2017 2:46:56 PM - Posted 2017 to BigFix via the REST API
3/14/2017 2:46:57 PM - REST API URL: https://server:24439/api/dashboardvariables/CVEs.ojo
3/14/2017 2:46:57 PM - Completed - 00 hours 01 mins 06 secs
3/14/2017 2:46:57 PM - Found file nvdcve-2.0-2016.xml.gz locally
3/14/2017 2:46:57 PM - File name: nvdcve-2.0-2016.xml.gz, Size: 1.9MB
3/14/2017 2:46:57 PM - Decompressing file
3/14/2017 2:46:57 PM - Decompress completed
3/14/2017 2:46:57 PM - File name: d:\Temp\CVEDashboard\importer\nvdcve-2.0-2016.xml, Size: 32.7MB
3/14/2017 2:46:57 PM - Starting XML processing
3/14/2017 2:54:35 PM - Posted 2016 to BigFix via the REST API
3/14/2017 2:54:35 PM - REST API URL: https://server:24439/api/dashboardvariables/CVEs.ojo
3/14/2017 2:54:35 PM - Completed - 00 hours 07 mins 38 secs
3/14/2017 2:54:35 PM - Downloading GZ file: http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2015.xml.gz
3/14/2017 2:54:36 PM - Error: Unable to connect to the remote server

Any ideas why it fails to connect on the download of the 2015? I increased the vmem and vcpu to make sure resources were not an issue.

Just ran this on a server by manually copying in the nvdcve files… didn’t process the 2009 files. Is this a bug?

@sstrain, I don’t know offhand why 2015 might be problematic. I am running one right now and will see how it goes.

@fossi, In the latest version 1.6.0.0, it will default to running the last 8 years.
Which is why it stopped at 2010.

If you want 2009, the command line option is:

bigfix_cve_util -years=9

That will import 2017, 16, 15, 14, 13, 12, 10, 00, 09. Nine years in total.

@sstrain, I just tried the processing and the 205 XML downloaded fine for me.
Try again? Let me know and I will help debug.

Yes, that would be great. I have tried several more times but encountered the same issue.

@sstrain, Scott you can reach me via private message and send me your contact info.

This is a great dashboard. The only problem I am having now is, how do I make it so Non Master Operators can see the dashboard? They can see the files but the BigFix Console never loads the dashboard. If I change someone’s account to Master Operator they can see the dashboard; if I make them a standard user they can’t see it. I have it loaded into a custom site. Any help would be great.

Thanks,

Hi Lee Wei,
Can you please tell me how or where I can get the latest version 1.6.0.0?
Thanks in advance!

Hello Lee,

I am having some issues with the “Show Computers” page. I am not seeing any computers at all. I am using BigFix 9.5.3.211.
Please let me know if you have seen this issue before.
Thank you!

@achang8 this URL always points to the latest version, which is indeed 1.6.0.0.
The Task Fixlet that downloads and runs the exec will reference this.
https://leewei.com/bigfix/prod/cve/bigfix_cve_util.exe

@aghosh, do you have the log file after running the bigfix_cve_util program?
If there are any errors, it will show up there.

@leewei

Since upgrading to 9.5.5, we are getting error 503 when running the latest utility (after it has successfully started the download) -

6/13/2017 5:48:20 AM - Running bigfix_cve_util version: 1.3.0.0
6/13/2017 5:49:32 AM - Running bigfix_cve_util version: 1.3.0.0
6/13/2017 5:49:32 AM - Connected to BigFix Server successfully
6/13/2017 5:49:32 AM - Downloading GZ file: http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2016.xml.gz
6/13/2017 5:49:37 AM - Downloading completed
6/13/2017 5:49:37 AM - File name: nvdcve-2.0-2016.xml.gz, Size: 2.2MB
6/13/2017 5:49:37 AM - Decompressing file
6/13/2017 5:49:38 AM - Decompress completed
6/13/2017 5:49:38 AM - File name: C:\Temp\importer\nvdcve-2.0-2016.xml, Size: 36.1MB
6/13/2017 5:49:38 AM - Starting XML processing
6/13/2017 5:49:39 AM - Removed 12265 items of //vuln:vulnerable-configuration
6/13/2017 5:49:39 AM - Removed 7737 items of //vuln:vulnerable-software-list
6/13/2017 5:49:39 AM - Removed 33352 items of //vuln:references
6/13/2017 5:49:39 AM - Removed 8904 items of //vuln:last-modified-datetime
6/13/2017 5:49:39 AM - Removed 6932 items of //vuln:cwe
6/13/2017 5:49:39 AM - Removed 7737 items of //cvss:access-vector
6/13/2017 5:49:39 AM - Removed 7737 items of //cvss:access-complexity
6/13/2017 5:49:39 AM - Removed 7737 items of //cvss:authentication
6/13/2017 5:49:39 AM - Removed 7737 items of //cvss:confidentiality-impact
6/13/2017 5:49:39 AM - Removed 7737 items of //cvss:integrity-impact
6/13/2017 5:49:39 AM - Removed 7737 items of //cvss:availability-impact
6/13/2017 5:49:39 AM - Removed 7737 items of //cvss:source
6/13/2017 5:49:39 AM - Removed 7737 items of //cvss:generated-on-datetime
6/13/2017 5:49:39 AM - Removed 0 items of //vuln:assessment_check
6/13/2017 5:49:39 AM - Removed 0 items of //vuln:scanner
6/13/2017 5:49:49 AM - Error: The remote server returned an error: (503) Server Unavailable.
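
Added example, not part of the thread and not code from bigfix_cve_util: a small Python triage script for the importer logs quoted above, reporting per feed year whether the file was downloaded or found locally, whether it was fetched over plain HTTP, whether it was posted to the REST API, and the error if it was not. The function names and the sample log (abridged from the 1.6.0.0 log in this thread) are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample, abridged from the 1.6.0.0 log quoted in this thread.
SAMPLE_LOG = """\
3/14/2017 2:45:50 PM - Downloading GZ file: http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2017.xml.gz
3/14/2017 2:46:56 PM - Posted 2017 to BigFix via the REST API
3/14/2017 2:46:57 PM - Found file nvdcve-2.0-2016.xml.gz locally
3/14/2017 2:54:35 PM - Posted 2016 to BigFix via the REST API
3/14/2017 2:54:35 PM - Downloading GZ file: http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2015.xml.gz
3/14/2017 2:54:36 PM - Error: Unable to connect to the remote server
"""

STAMPED = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) - (.*)$")
FEED = re.compile(r"nvdcve-2\.0-(\d{4})\.xml\.gz")

def split_line(raw):
    """Return (datetime or None, message); the 1.3.0.0 console output has no stamp."""
    m = STAMPED.match(raw.strip())
    if not m:
        return None, raw.strip()
    return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p"), m.group(2)

def summarize(log_text):
    """Map each feed year to how it was obtained and whether it was posted."""
    years, current = {}, None
    for raw in log_text.splitlines():
        when, msg = split_line(raw)
        feed = FEED.search(msg)
        if feed and msg.startswith(("Downloading GZ file:", "Found file")):
            current = feed.group(1)
            years[current] = {
                "source": "download" if msg.startswith("Downloading") else "local",
                "plain_http": "http://" in msg,  # feed fetched without TLS
                "started": when, "status": "incomplete",
                "error": None, "seconds": None,
            }
        elif current and msg.startswith(f"Posted {current} "):
            started = years[current]["started"]
            years[current]["status"] = "posted"
            if when and started:
                years[current]["seconds"] = int((when - started).total_seconds())
        elif current and msg.startswith("Error:"):
            years[current]["status"] = "failed"
            years[current]["error"] = msg[len("Error:"):].strip()
    return years

def failed_years(summary):
    # Years that never reached the "Posted <year> to BigFix" line.
    return sorted(y for y, e in summary.items() if e["status"] != "posted")
```

Run it on a real log with `summarize(open(path).read())`; unstamped console output, as in the 1.3.0.0 post, is handled but yields no durations.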