Access firmware vulnerability settings

If you have a Network Configuration Manager or SolarWinds Observability Self-Hosted Advanced license, SolarWinds retrieves firmware vulnerability data from the National Institute of Standards and Technology (NIST) and stores it on solarwinds.com. When this functionality is enabled, NCM downloads the latest data from solarwinds.com and correlates vulnerabilities with your managed nodes. Use the following firmware vulnerability settings to specify when the matching logic runs, change the default data sources, or specify other options.

CVE Data Import Settings

Use these settings to enable or disable importing vulnerability data from solarwinds.com. You can also specify the import schedule, manually run the import, specify the data sources, and view information about the last run.

Click Settings > All Settings in the menu bar.
Do one of the following:
- If you have a license for either Network Configuration Monitor or SolarWinds Observability Self-Hosted Advanced:
  1. Under Product Specific Settings, click NCM Settings.
  2. Under Advanced, click Firmware Vulnerability Settings.
  3. Under Vulnerabilities, click CVE Data Import Settings.
- If you have a license for SolarWinds Observability Self-Hosted Advanced, you can also choose this path:
  1. Under Product Specific Settings, click Security Settings.
  2. Under Vulnerabilities, click CVE Data Import Settings.

Review or specify the following settings:

Setting	Description
Manage Data Sources	The firmware vulnerability data source can be either an HTTP(S) address or the path to a file on your SolarWinds Observability Self-Hosted server. If your server is not connected to the Internet, you can manually add the data source to a location on your server and specify the location here. To add additional vulnerability data sources, click Add Source and specify a URL or a directory on your server. If you add a data source or change the default data source, click Validate to verify the list of data sources. To remove a data source from the list, click the trash bin icon.
CPE Match Feed	The download link of the CPE match data feed. If your SolarWinds Observability Self-Hosted server is not connected to the Internet, you can manually add the match data to a location on your server and specify the location here.
Scheduler Settings	A toggle that specifies whether the latest vulnerability data is imported each day from the data source specified above. This option is disabled by default. When this option is enabled, specify what time you want the import to occur under Run at.
Import Data Information	Information about the most recent vulnerability data import: Status: Not run, Pending, Running, Completed, or Error Run by: The account that ran the task Start time: The date and time when the last import started Finish time: The date and time when the last import ended, and the task duration Changes: The number of new or updated CVEs, and the number of errors Count of CVEs: The number of CVEs imported Total Database Size: The size of the database holding the imported CVEs You can take the following actions: Click Run now to manually start a new import job. If you have implemented HA backup servers and a failover occurs, you can manually run the import job to ensure that the new server has the latest firmware vulnerability data immediately, rather than waiting for the next automated run. Click Delete All to delete all vulnerability data from the database.

Click Submit.

CVE Node Matching Settings

Use these settings to enable or disable the task that matches vulnerability data to nodes. You can also specify the matching schedule, manually run the task, and view information about the last run.

Click Settings > All Settings in the menu bar.
Do one of the following:
- If you have a license for either Network Configuration Monitor or SolarWinds Observability Self-Hosted Advanced:
  1. Under Product Specific Settings, click NCM Settings.
  2. Under Advanced, click Firmware Vulnerability Settings.
  3. Under Vulnerabilities, click CVE Data Import Settings.
- If you have a license for SolarWinds Observability Self-Hosted Advanced, you can also choose this path:
  1. Under Product Specific Settings, click Security Settings.
  2. Under Vulnerabilities, click CVE Data Import Settings.

Review or specify the following settings:

Setting	Description
Status	Information about the most recent node matching task. Click Run now to manually start a new node matching task. The following information is shown: Status: Not run, Pending, Running, Completed, or Error Run by: The account that ran the task Start time: The date and time when the last node matching task started Finish time: The date and time when the last node matching task ended, and the task duration System Score: The score for the entire system, calculated by weighted average nodes' scores System Max Score: The maximum score of any node in the system Count of CVEs: The number of CVEs in the database during the matching run Count of Nodes: The number of nodes for which the matching process ran MVN: The most vulnerable node
Scheduler Settings	A toggle that specifies whether the node matching task automatically runs each day to determine if any of your nodes might be affected by known vulnerabilities. This option is disabled by default. When this option is enabled, specify what time you want the matching job to run under Run at.
Run History	High-level details about previously run node matching tasks. To view more information about a task, click Open Details in the Actions column. To remove task data from the database, click the checkbox to select one or more tasks, and then click Delete Selected.

Setting

Description

Status

Information about the most recent node matching task. Click Run now to manually start a new node matching task.

The following information is shown:

Status: Not run, Pending, Running, Completed, or Error
Run by: The account that ran the task
Start time: The date and time when the last node matching task started
Finish time: The date and time when the last node matching task ended, and the task duration
System Score: The score for the entire system, calculated by weighted average nodes' scores
System Max Score: The maximum score of any node in the system
Count of CVEs: The number of CVEs in the database during the matching run
Count of Nodes: The number of nodes for which the matching process ran
MVN: The most vulnerable node

Scheduler Settings

A toggle that specifies whether the node matching task automatically runs each day to determine if any of your nodes might be affected by known vulnerabilities. This option is disabled by default.

When this option is enabled, specify what time you want the matching job to run under Run at.

Run History

High-level details about previously run node matching tasks.

To view more information about a task, click Open Details in the Actions column.
To remove task data from the database, click the checkbox to select one or more tasks, and then click Delete Selected.

Click Submit.

Configure the threshold for NCM firmware vulnerability alerts

Click Settings > All Settings.
Under Product Specific Settings, click NCM Settings.
Under Advanced, click Firmware Vulnerability Settings.
Click Vulnerability Alerting Settings.
Under Vulnerability alert score threshold, specify the severity level that triggers an NCM firmware vulnerability alert. The default is 5.
Click Submit.

Search SolarWinds Support

Access firmware vulnerability settings

CVE Data Import Settings

CVE Node Matching Settings

Configure the threshold for NCM firmware vulnerability alerts