@BF_dev, technically it is absolutely possible to run this under Web Reports which some tweaks. I think I did it for someone but never publish it. If I can find it and something easy I will post here.
1 Like
Good day!
Could you explain, how bigfix_cve_util choice a cve what it remove or add ?
Example, I interested CVE-2017-1376 but it was remove.
How i can understand why it was remove? What have rules for choice?
CVEs downloaded from NVD are removed if there are no corresponding Fixlets.
For example:
- A CVE for the Cisco router will be removed because BigFix does not have content (Fixlets) for them.
- On the other hand, if you do not subscribe to a certain sites, say Patches for AIX, then CVEs relating to AIX will be excluded as well.
The idea is that I will only show you CVEs where there are Fixlets.
Sorry for stupid question, but how do I load this in console in a custom site?
Here is the install guide that describes how to add the files for the dashboard into any sites you choose.
Actually, you can only add to a custom site anyway because we cannot modify âexternalâ sites from IBM.
CVEDashboard.pdf (1.3 MB)
Hi All, Just recently purchased product and installed 9.5.9. CVE dashboard stopped getting updated content in June 2018. Anyone else facing this issue?
Regards,
A
I realize this is an old topic, but Iâm just trying this out. I, too, need for non-master operators to be able to see this dashboard. Iâve imported the files into a Custom Site, and given the desired operator âWriterâ permissions to the site. They can see the site, and the files, but not the Dashboard. I read above about permissions to the âdashboard variablesâ, but thatâs a new one on me. (7 years with Bigfix).
Also, âShow Computersâ does not work. (Bigfix 9.5.7)
Any ideas?
Hi lkj962,
Are you getting updated information from your CVE dashboard, after June 2018?
The last âCriticalâ ones are from June, but Iâm seeing âHighâ and âMediumâ from July 18, 2018.
@leewei : When i run the relevance it shows the values of Computer, Risk Score in XML format.
But still the Dashboard shows empty . I dont know why its showing like that.
Any Suggestions
Hi,
Where will this dashboard access?
I confirm that the dashboard access following site only.
http://static.nvd.nist.gov/
If there are other sites, let me know.
@mako3, technically, the dashboard does not have any external access except for the BigFix repository. The loading command line script is the one that connects to and download the CVE database from the URL you indicated.
1 Like
Hi,
When we click âShow Computersâ on the dashboard, following script error occurs.
It seems, it occurs for groups with many computers and it doesnât occur for groups with 1000 computers or so.
Does anyone have any idea to solve this situation?
Regards,
WeiLee-san,
Do you have any idea to solve this script error?
Regards,
When we click âShow Computersâ on the dashboard, facing same script issue , any help please
1 Like
Has anyone here run into an issue when attempting to run the importer? I will get the error that parameter username is required even though iâm using the switch to specify the username (See attachment)
@MRitchotte Hello Matthew, I cannot duplicate what you are seeing. Is it possible that your command line, especially where you have the -server param is breaking up with a space or some characters?
Hi @leewei for some reason the dashboard is not showing CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability: May 14, 2019. I have tried running the importer using the command line as well as manually downloading the XML file and placing it in the importer folder but both methods still donât show the mentioned vulnerability.
Any idea what might be causing this?
Regards
@leewei
Running into problems when running the importer⌠Using latest version , it gets the nvdcve file, expands to the xml and then starts the process⌠Gets all the way to the and and then I get an error
6/20/2019 11:41:18 AM - Processed 4610 of 4623: CVE-2019-9946
6/20/2019 11:41:19 AM - Processed 4620 of 4623: CVE-2019-9962
6/20/2019 11:41:20 AM - Processed 4623 of 4623: CVE-2019-9975
6/20/2019 11:41:20 AM - Error: The remote server returned an error: (400) Bad Request.
Any thoughts or insights please?