Access firmware vulnerability settings
If you have a Network Configuration Manager or SolarWinds Observability Self-Hosted Advanced license, SolarWinds retrieves firmware vulnerability data from the National Institute of Standards and Technology (NIST) and stores it on solarwinds.com. When this functionality is enabled, NCM downloads the latest data from solarwinds.com and correlates vulnerabilities with your managed nodes. Use the following firmware vulnerability settings to specify when the matching logic runs, change the default data sources, or specify other options.
CVE Data Import Settings
Use these settings to enable or disable importing vulnerability data from solarwinds.com. You can also specify the import schedule, manually run the import, specify the data sources, and view information about the last run.
- Click Settings > All Settings in the menu bar.
- Do one of the following:
  - If you have a license for either Network Configuration Manager or SolarWinds Observability Self-Hosted Advanced:
    - Under Product Specific Settings, click NCM Settings.
    - Under Advanced, click Firmware Vulnerability Settings.
    - Under Vulnerabilities, click CVE Data Import Settings.
  - If you have a license for SolarWinds Observability Self-Hosted Advanced, you can also choose this path:
    - Under Product Specific Settings, click Security Settings.
    - Under Vulnerabilities, click CVE Data Import Settings.
- Review or specify the following settings:
  - Manage Data Sources: The firmware vulnerability data source can be either an HTTP(S) address or the path to a file on your SolarWinds Observability Self-Hosted server. If your server is not connected to the Internet, you can manually add the data source to a location on your server and specify the location here.
  - CPE Match Feed: The download link of the CPE match data feed. If your SolarWinds Observability Self-Hosted server is not connected to the Internet, you can manually add the match data to a location on your server and specify the location here.
  - Scheduler Settings: A toggle that specifies whether the latest vulnerability data is imported each day from the data source specified above. This option is disabled by default. When this option is enabled, specify what time you want the import to occur under Run at.
  - Import Data Information: Information about the most recent vulnerability data import:
    - Status: Not run, Pending, Running, Completed, or Error
    - Run by: The account that ran the task
    - Start time: The date and time when the last import started
    - Finish time: The date and time when the last import ended, and the task duration
    - Changes: The number of new or updated CVEs, and the number of errors
    - Count of CVEs: The number of CVEs imported
    - Total Database Size: The size of the database holding the imported CVEs
  You can take the following actions:
  - Click Run now to manually start a new import job.
    If you have implemented HA backup servers and a failover occurs, you can manually run the import job to ensure that the new server has the latest firmware vulnerability data immediately, rather than waiting for the next automated run.
  - Click Delete All to delete all vulnerability data from the database.
- Click Submit.
CVE Node Matching Settings
Use these settings to enable or disable the task that matches vulnerability data to nodes. You can also specify the matching schedule, manually run the task, and view information about the last run.
- Click Settings > All Settings in the menu bar.
- Do one of the following:
  - If you have a license for either Network Configuration Manager or SolarWinds Observability Self-Hosted Advanced:
    - Under Product Specific Settings, click NCM Settings.
    - Under Advanced, click Firmware Vulnerability Settings.
    - Under Vulnerabilities, click CVE Data Import Settings.
  - If you have a license for SolarWinds Observability Self-Hosted Advanced, you can also choose this path:
    - Under Product Specific Settings, click Security Settings.
    - Under Vulnerabilities, click CVE Data Import Settings.
- Review or specify the following settings:
  - Status: Information about the most recent node matching task. Click Run now to manually start a new node matching task. The following information is shown:
    - Status: Not run, Pending, Running, Completed, or Error
    - Run by: The account that ran the task
    - Start time: The date and time when the last node matching task started
    - Finish time: The date and time when the last node matching task ended, and the task duration
    - System Score: The score for the entire system, calculated as the weighted average of the nodes' scores
    - System Max Score: The maximum score of any node in the system
    - Count of CVEs: The number of CVEs in the database during the matching run
    - Count of Nodes: The number of nodes for which the matching process ran
    - MVN: The most vulnerable node
  - Scheduler Settings: A toggle that specifies whether the node matching task automatically runs each day to determine if any of your nodes might be affected by known vulnerabilities. This option is disabled by default. When this option is enabled, specify what time you want the matching job to run under Run at.
  - Run History: High-level details about previously run node matching tasks.
    - To view more information about a task, click Open Details in the Actions column.
    - To remove task data from the database, click the checkbox to select one or more tasks, and then click Delete Selected.
- Click Submit.
Configure the threshold for NCM firmware vulnerability alerts
- Click Settings > All Settings.
- Under Product Specific Settings, click NCM Settings.
- Under Advanced, click Firmware Vulnerability Settings.
- Click Vulnerability Alerting Settings.
- Under Vulnerability alert score threshold, specify the severity level that triggers an NCM firmware vulnerability alert. The default is 5.
- Click Submit.
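
How CPE-based correlation of CVEs with managed nodes, and the alert threshold applied to the result, can work in principle, as an added Python example that is not SolarWinds code and does not reproduce NCM's actual matching logic. The node and CVE records are constructed, versions are assumed to be dotted numbers, a node's score is assumed to be its highest matched CVSS score, a score at or above the threshold is assumed to alert, and the weighted System Score is omitted because the page does not give the weights.

```python
# Added illustration: simplified CPE-based matching of CVEs to node firmware.
# All records below are constructed sample data, not real CVEs or NCM output.
ALERT_THRESHOLD = 5.0  # the page's default vulnerability alert score threshold

def vtuple(version):
    """Turn '15.2.4' into (15, 2, 4) so versions compare numerically."""
    return tuple(int(p) for p in version.split("."))

def cpe_matches(node, match):
    """True if the node's vendor/product/version falls inside one match entry."""
    parts = match["criteria"].split(":")  # cpe:2.3:part:vendor:product:version:...
    vendor, product, version = parts[3], parts[4], parts[5]
    if (vendor, product) != (node["vendor"], node["product"]):
        return False
    have = vtuple(node["version"])
    if version not in ("*", "-"):
        return have == vtuple(version)  # exact version pinned in the CPE name
    lo, hi = match.get("versionStartIncluding"), match.get("versionEndExcluding")
    return (lo is None or have >= vtuple(lo)) and (hi is None or have < vtuple(hi))

def match_nodes(nodes, cves):
    """Return {node name: [(score, cve id), ...]} with the highest score first."""
    result = {}
    for node in nodes:
        hits = [(c["score"], c["id"]) for c in cves
                if any(cpe_matches(node, m) for m in c["cpe_match"])]
        result[node["name"]] = sorted(hits, reverse=True)
    return result

def summarize(matches):
    """Node score = highest matched CVSS score (assumption); 0.0 if no match."""
    scores = {n: (h[0][0] if h else 0.0) for n, h in matches.items()}
    mvn = max(scores, key=scores.get)  # most vulnerable node
    alerts = sorted(n for n, s in scores.items() if s >= ALERT_THRESHOLD)
    return {"scores": scores, "system_max": scores[mvn], "mvn": mvn, "alerts": alerts}

NODES = [  # constructed inventory
    {"name": "core-sw-01", "vendor": "examplevendor", "product": "exampleos", "version": "15.2.4"},
    {"name": "edge-rtr-01", "vendor": "examplevendor", "product": "exampleos", "version": "16.9.1"},
    {"name": "fw-01", "vendor": "othervendor", "product": "fwos", "version": "9.1.0"},
]
CVES = [  # constructed records using NVD-style cpeMatch field names
    {"id": "CVE-0000-0001", "score": 9.8, "cpe_match": [
        {"criteria": "cpe:2.3:o:examplevendor:exampleos:*:*:*:*:*:*:*:*",
         "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.2.7"}]},
    {"id": "CVE-0000-0002", "score": 4.3, "cpe_match": [
        {"criteria": "cpe:2.3:o:examplevendor:exampleos:16.9.1:*:*:*:*:*:*:*"}]},
]
```

Real firmware version strings are often not purely numeric, which is one reason a match reported by any such logic should be confirmed against the vendor advisory before acting on it.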