Updating National Vulnerability Database Data Feeds

The administrator periodically updates BigFix Compliance Analytics to upload and synchronize the latest vulnerabilities.

To keep BigFix Compliance Analytics vulnerability reports accurate and timely, the BigFix Compliance Analytics administrator must periodically upload and synchronize the latest vulnerabilities, because the original data feed loaded during the BigFix Compliance Analytics vulnerabilities domain activation becomes obsolete over time.

Many Fixlets from BigFix Server patch sites with known vulnerabilities have corresponding CVE-IDs in the BES Console details tab. New or updated Fixlets in BigFix patch sites have corresponding vulnerabilities with CVE-IDs that match the new CVE-IDs of the NVD data feeds. The BigFix Compliance Analytics administrator can upload the new CVEs manually from the NVD data feeds site, and must then initiate the BigFix Compliance Analytics ETL Import to include the new CVEs in patch and vulnerability reports. After the import is complete, the new or updated vulnerabilities in BigFix Compliance Analytics vulnerability reports have updated CVEs.

The .gz NVD files that are uploaded for ETL import are available on the National Vulnerability Database website. The file name must be in the format nvdcve-n.n-yyyy.json.gz to initiate the ETL import process. A .zip file can also be used.

Fixlet 1005 - Download NVD CVE Data Files in the SCM Reporting site can be used to download and cache the current and previous year's data files.
Note:
  • Due to frequently changing data feeds, this Fixlet cannot perform an integrity check on the downloads.
  • Depending on your current CVE data requirements, you can set the Fixlet in the SCM Reporting site as a recurring task, or create a scheduled task and script to download and cache new files regularly: monthly, weekly, or more often.
Steps to initiate the ETL import:
  1. Download new or updated .gz files using the JSON .gz links.
    Note: Before initiating an ETL import, copy the .gz files into the BigFix Compliance Analytics directory that matches your installation: Location 1 if the current version was upgraded to BigFix Compliance Analytics V10, or Location 2 if BigFix Compliance Analytics V10 was installed new without an upgrade.
    • Location 1: C:\Program Files\IBM\SCA\wlp\usr\servers\server1\apps\tema.war\WEB-INF\data\pr\nvd\
    • Location 2: C:\Program Files\Bigfix Enterprise\SCA\wlp\usr\servers\server1\apps\tema.war\WEB-INF\data\pr\nvd\
  2. Start the Import.
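
A pre-import check to run between steps 1 and 2, as an added example that is not part of the BigFix documentation: because Fixlet 1005 does not verify its downloads, this Python script checks each .gz file name against nvdcve-n.n-yyyy.json.gz, decompresses it to EOF and parses the JSON, then copies only the files that pass into the NVD directory. The function names, the download folder and the sample file names and contents are assumptions made for illustration; .zip feeds are not handled.

```python
import gzip
import json
import re
import shutil
import tempfile
import zlib
from pathlib import Path

# File name format the page requires for ETL import: nvdcve-n.n-yyyy.json.gz
NAME_RE = re.compile(r"^nvdcve-\d+\.\d+-\d{4}\.json\.gz$")

def check_feed(path):
    """Return (ok, reason) for one downloaded feed file."""
    if not NAME_RE.match(Path(path).name):
        return False, "name does not match nvdcve-n.n-yyyy.json.gz"
    try:
        # Reading to EOF makes gzip verify its CRC32/length trailer.
        with gzip.open(path, "rb") as fh:
            json.load(fh)
    except (OSError, EOFError, zlib.error, ValueError) as exc:
        return False, f"unreadable: {type(exc).__name__}"
    return True, "ok"

def stage_feeds(download_dir, nvd_dir):
    """Copy feeds that pass check_feed into nvd_dir; report the rest."""
    staged, rejected = [], {}
    for src in sorted(Path(download_dir).glob("*.gz")):
        ok, reason = check_feed(src)
        if ok:
            shutil.copy2(src, Path(nvd_dir) / src.name)
            staged.append(src.name)
        else:
            rejected[src.name] = reason
    return staged, rejected

def demo():
    """Constructed sample: one valid feed, one truncated, one misnamed."""
    good = gzip.compress(json.dumps({"constructed": "sample feed"}).encode())
    with tempfile.TemporaryDirectory() as tmp:
        dl, nvd = Path(tmp, "downloads"), Path(tmp, "nvd")
        dl.mkdir()
        nvd.mkdir()
        (dl / "nvdcve-1.1-2023.json.gz").write_bytes(good)
        (dl / "nvdcve-1.1-2024.json.gz").write_bytes(good[: len(good) // 2])
        (dl / "feed-latest.json.gz").write_bytes(good)
        staged, rejected = stage_feeds(dl, nvd)
        return staged, rejected, sorted(p.name for p in nvd.iterdir())

if __name__ == "__main__":
    print(demo())
```

On the server, `nvd_dir` would be Location 1 or Location 2 from the note in step 1. Yearly feeds are large, so the JSON parse needs enough memory to hold one decompressed file.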