CVE Dashboard available

leewei 2017-08-18 17:40:44 UTC #62

@BF_dev, technically it is absolutely possible to run this under Web Reports which some tweaks. I think I did it for someone but never publish it. If I can find it and something easy I will post here.

BF_dev 2017-08-21 10:28:28 UTC #63

@leewei, Thanks a lot

android 2017-09-05 09:49:22 UTC #64

Good day!
Could you explain, how bigfix_cve_util choice a cve what it remove or add ?
Example, I interested CVE-2017-1376 but it was remove.
How i can understand why it was remove? What have rules for choice?

leewei 2017-09-05 19:31:02 UTC #65

CVEs downloaded from NVD are removed if there are no corresponding Fixlets.
For example:

A CVE for the Cisco router will be removed because BigFix does not have content (Fixlets) for them.
On the other hand, if you do not subscribe to a certain sites, say Patches for AIX, then CVEs relating to AIX will be excluded as well.

The idea is that I will only show you CVEs where there are Fixlets.

randydavis 2017-10-26 17:23:03 UTC #66

Sorry for stupid question, but how do I load this in console in a custom site?

leewei 2017-10-26 21:23:13 UTC #67

Here is the install guide that describes how to add the files for the dashboard into any sites you choose.
Actually, you can only add to a custom site anyway because we cannot modify “external” sites from IBM.
CVEDashboard.pdf (1.3 MB)

asouza 2018-08-15 14:13:47 UTC #69

Hi All, Just recently purchased product and installed 9.5.9. CVE dashboard stopped getting updated content in June 2018. Anyone else facing this issue?

Regards,
A

jkj1962 2018-08-15 14:32:24 UTC #70

I realize this is an old topic, but I’m just trying this out. I, too, need for non-master operators to be able to see this dashboard. I’ve imported the files into a Custom Site, and given the desired operator “Writer” permissions to the site. They can see the site, and the files, but not the Dashboard. I read above about permissions to the “dashboard variables”, but that’s a new one on me. (7 years with Bigfix).

Also, “Show Computers” does not work. (Bigfix 9.5.7)

Any ideas?

asouza 2018-08-16 13:36:55 UTC #71

Hi lkj962,

Are you getting updated information from your CVE dashboard, after June 2018?

jkj1962 2018-08-16 13:54:44 UTC #72

The last “Critical” ones are from June, but I’m seeing “High” and “Medium” from July 18, 2018.

swap041 2018-10-06 20:24:18 UTC #73

@leewei : When i run the relevance it shows the values of Computer, Risk Score in XML format.
But still the Dashboard shows empty . I dont know why its showing like that.

Any Suggestions

mako3 2018-11-15 01:24:36 UTC #74

Hi,

Where will this dashboard access?
I confirm that the dashboard access following site only.
http://static.nvd.nist.gov/

If there are other sites, let me know.

leewei 2018-11-15 01:59:08 UTC #75

@mako3, technically, the dashboard does not have any external access except for the BigFix repository. The loading command line script is the one that connects to and download the CVE database from the URL you indicated.

Masatsugu 2018-12-06 08:09:16 UTC #76

Hi,

When we click “Show Computers” on the dashboard, following script error occurs.
It seems, it occurs for groups with many computers and it doesn’t occur for groups with 1000 computers or so.
Does anyone have any idea to solve this situation?

Regards,

script_err2