CVE stands for “Common Vulnerabilities and Exposures”. The CVE number is a unique identifier used by vendors. By using a common identifier, cybersecurity professionals can more easily communicate about vulnerabilities and exposures, which makes it easier to coordinate efforts to fix or mitigate them. Each CVE entry contains a description of the vulnerability or exposure, as well as information about how to mitigate or fix it.
OpsRamp uses CVE in the Patch Management process to identify which vulnerabilities and exposures require patching.
How to get the CVE information and uses of these information into OpsRamp patch management process:
- Each time we run an “asset info scan” on a device to collect information about the installed software. This software’s information includes the CVEs number, which is published by the vendors.
OpsRamp uses the latest installed software information from Agent to detect if there are any CVEs published by the vendors. - OpsRamp obtains CVE information from the OVAL advisory and the NVD database.
- Now, we only support detecting the CVEs information from Ubuntu and RedHat operating systems.
In the OpsRamp Patch Management, we have added CVE Insights page and CVE Details page.
To view the CVE information, navigate to Configuration Management > Patch Management and then click the Menu bar icon.
Prerequisite
- A “asset info scan” must be run on the resource on a regular basis.
- It will work with Agent version 15.0.0 and above.
Note
The Patch CVE is not available for all the customers and will be made available based on consumer requests. You can contact to our Customer Support team for further clarification.View the CVE Insights Page
Follow the steps below to see the CVE Insights page:
- Login to OpsRamp Portal.
- Select a client from the All Clients list.
- Go to Configuration Management > Patch Management.
- On the left side of this page, click the Menu bar icon.
- Click the Insights under the CVE tab.
- Here you will see CVE Insights landing page.
By clicking on any of the displayed numbers above, it will provide you with detailed information. Here is an example of what you can expect when click on “Impacted Resources”:
The following table describes the various widgets displayed on the Insights page:
Widgets | Description |
---|---|
Resources | See the total number of resources for the selected client. |
Impacted Resources | Number of resources impacted for CVE out of of total resources. |
Severity By CVE | Type of Severity impacted for each resources: - Critical - High - Medium - Low - None |
By Operating System | See the list of operating system impacted by CVE with Severity categories. |
View the CVE Details Page
Follow the steps below to see the CVE Details page:
- Login to OpsRamp Portal.
- Select a client from the All Clients list.
- Go to Configuration Management > Patch Management.
- On the left side of this page, click the Menu bar icon.
- Click the Details under the CVE tab.
- Here you will see CVE Details listing page. You can view the CVE details by selecting the CVE or RESOURCES option.
By using CVE option:
The CVE option enables you to view the list of CVE id for the impacted devices.
You can fix the CVE for impcted resources by clicking Fix option.
By using RESOURCES option:
The RESOURCES option enables you to view the list of devices with the number of CVE.
By clicking on any of the displayed Device Name above, you will be provided detailed information about the CVEs number for that specific device. Here is an example of what you can expect:
The following table describes the various information displayed on the Details page:
Name | Description | |
---|---|---|
BY CVE | CVE ID | It is a unique, alphanumeric identifier assigned by the CVE Program. Each identifier references a specific vulnerability. |
Severity | It shows the effect of severity on the operating system. | |
Description | Detailed description mentioned for the CVE ID. | |
Impacted OS | Listed of impacted OS. | |
Impacted Resources | Show the number of resources impacted against each CVE. | |
BY RESOURCES | Device Name | Name of the device. |
IP Address | Show the IP Address of the devices. | |
Operating System | Show the operating System for the devices. | |
CVE | Show the number of Common Vulnerabilities and Exposures (CVE) against each device. |