- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-18-2022 02:00 PM
Hi all,
We are looking to use VCR rules to classify our vulnerabilities (platform vs application). We want to use the Common Platform Enumeration (CPE) in the VCR rule condition. The following is an example how I want to build out a VCR rule to classify vulnerabilities as an application.
All of these conditions must be met:
CPE contains cpe:/a
Set these values:
Classification = Application
Classification Type = Other
Problem is the CPE data doesnt seem to be available to select from in the condition. Am I missing it or is this not an option? I can see the CPE data in the Tenable System Import sets, but CPE is not being populated in the Third-Party vulnerability entry's or anywhere else that I can see. Is this possible?
Solved! Go to Solution.
- Labels:
-
Vulnerability Response
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2022 07:01 AM
Sidenote: This is so weird, I have had at least three people ask me about CPE in the last week. Anyways....
The CPE data is on the Third-Party Vulnerability Entry table.
So, the CPE's Vendor and Product are copied over to the Third-Party Vulnerability Entry [sn_vul_third_party_entry] (i.e., your Tenable, Rapid7, Qualys, etc. vul library)... but the "Part" (aka Type: a,h,o) is not.
Vote up this idea so we can get the "Part" included in the TPE.
Until then, you will need customization..... the TenableTPEUtil Script Include. Customization should not be taken lightly and must be accounted for in each release.
Basic Steps
- Add a new field to the TPE
- Modify _processCpeData() (In TenableTPEUtil )
- the "obj" variable contains the raw CPE data
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2022 01:07 PM
HI,
You will find this in proof field on detections linked to VITS.
Thank you,
Ashutosh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2022 07:01 AM
Sidenote: This is so weird, I have had at least three people ask me about CPE in the last week. Anyways....
The CPE data is on the Third-Party Vulnerability Entry table.
So, the CPE's Vendor and Product are copied over to the Third-Party Vulnerability Entry [sn_vul_third_party_entry] (i.e., your Tenable, Rapid7, Qualys, etc. vul library)... but the "Part" (aka Type: a,h,o) is not.
Vote up this idea so we can get the "Part" included in the TPE.
Until then, you will need customization..... the TenableTPEUtil Script Include. Customization should not be taken lightly and must be accounted for in each release.
Basic Steps
- Add a new field to the TPE
- Modify _processCpeData() (In TenableTPEUtil )
- the "obj" variable contains the raw CPE data
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-07-2022 11:12 AM
@Chris McDevitt - Are there any updates on future releases of VR supporting the "Part" included in the TPE? Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2022 12:59 PM
