Configuring the CVRF Solution Integration for Oracle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2023 09:54 AM
I am working on configuring a solution management integration using the CVRF type of file for Oracle.
Specifically, I am following this document reference and noticed it even references Oracle:
Within that document it has a note: "Oracle directly publishes the CVRF URL for providing solutions. Thus, if you want to configure the integration for importing Oracle data, then ensure you have the CVRF URL for Oracle and follow the following steps."
My question is what is that URL? Oracle seems to have Critical Patch Updates in CVRF format and I have a URL reference to that document. (https://www.oracle.com/docs/tech/security-alerts/cpujul2023cvrf.xml) but is this document from Oracle the correct document to use for this Solutions integration?
I also attempted this integration following the API instructions for CVRF (https://docs.servicenow.com/bundle/vancouver-security-management/page/product/vulnerability-response...) and was able to get it to process the Oracle critical patch update file but it jammed all of the data for the multiple CVEs into one solution record.
I see there is a step that talks about copying the "retrieve list" action, are there any more details about this step?
Thanks for any assistance!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-22-2023 10:55 AM
Hi,
All the Oracle Security Advisories can be found over here: https://www.oracle.com/in/security-alerts/
And then you can get the CVRF URL for each of the advisory.
Examples:
1. Oracle Critical Patch Update Advisory - October 2023: https://www.oracle.com/docs/tech/security-alerts/cpuoct2023cvrf.xml
2. Oracle Critical Patch Update Advisory - July 2023 : https://www.oracle.com/docs/tech/security-alerts/cpujul2023cvrf.xml
You can get the CVRF URLs in the similar format and upload each one by one.
Please note that a single Advisory/CVRF URL will result in the creation of a single solution/bulletin.
Hope this helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-11-2024 10:44 AM
But isn't theree part of the the CVRF framework that consumes the bulletin and automatically iterate over the list of URLs embedded in the advisory?
Can you give any guidance on the scenario of this production documentation:
https://docs.servicenow.com/bundle/utah-security-management/page/product/vulnerability-response/task...
Which talks about updating workflow actions, and pagination parameters. To me that sounds like the capability to iterate over a document and pump in all of the individual CVRF solution IDs but it's very light on details and granular steps or examples.
Thanks.
