Documentation forHybrid Cloud Observability Advancedand Network Configuration Manager

Manually download and add firmware vulnerability files

NCM ships with initial firmware vulnerability data. However, firmware vulnerability data is routinely updated to reflect new threats. To ensure that you have the latest data, NCM automatically downloads updated files based on the settings you specify.

If NCM cannot automatically download firmware vulnerability data (for example, because you are on a closed network), you can import vulnerability data files from the National Institute of Standards and Technology (NIST) and then manually add them to your NCM server. NCM will use the information in these files to search for vulnerabilities that could affect your devices.

If you have High Availability (HA) backup servers configured, perform this procedure on both your main polling engine and your HA backup servers.

  1. Download the following firmware vulnerability .zip files from NIST:

  2. Log in to your NCM server.

  3. Extract the contents of the nvdcve-1.1-recent.json.zip and nvdcve-1.1-modified.json.zip files into the vulnerability announcements folder, which is:

    C:\ProgramData\SolarWinds\NCM\Vuln\Json.

  4. Extract the contents of the nvdcpematch-1.0.json.zip file to the \CpeMatch directory within the vulnerability announcements folder:

    C:\ProgramData\SolarWinds\NCM\Vuln\Json\CpeMatch

  5. Under Vulnerability Search Settings, click Run Now.