- About the VulnDB Software Vulnerability Management Integration Add-on
- Enabling Software Vulnerability Management in Device42
- Using the Device42 Software Vulnerability Management integration
About the VulnDB Software Vulnerability Management Integration Add-on
Device42’s Software Vulnerability Management integration (aka SVM add-on) is an optionally licensed add-on that enables users to manage software vulnerabilities right from the Device42 CMDB. All of an IT infrastructure’s auto-discovered software components present in the D42 CMDB are checked against Risk Based Security’s (aka RBS) VulnDB vulnerability database.
With the Device42 + VulnDB integration [available on Device42 v15.17.00+], users can:
View any CVEs & vulnerabilities that apply to the auto-discovered [and manually added] software assets in the Device42 CMDB
Identify devices that contain software affected by one or more specific vulnerabilities
View detailed vulnerability information, including remediation and solution information for each vulnerability
Leverage VulnDB’s software product ratings to identify risky software and to help pre-qualify software purchase decisions
Enabling Software Vulnerability Management in Device42
Pre-requisites: You must have a current Device42 license with the Software Vulnerability Management add-on AND Software License Management to successfully activate this integration with the instructions below.
- Begin by heading to the Device42 main menu. Choose ‘Integrations’ from the ‘Tools’ menu, then select VulnDB as pictured below, labeled #1.
- Select the checkbox next to ‘Enable VulnDB’, highlighted in the image above and labeled as #2.
- Press the blue “Save” button in the bottom right hand corner, labeled as #3 in the image above. As long as your Device42 license is current and includes the VulnDB Software Vulnerability Management feature, you should see a message stating “Your configuration has been saved.”:
- You’re all set! The VulnDB integration is enabled. You are now free to leave the VulnDB Setup screen, or to close your browser. The integration will remain enabled.
VulnDB Webhooks & Supplementary functionality information
When you enable the VulnDB integration by following the steps above, the VulnDB integration will create Webhook endpoints and actions to keep both the software list & vulnerability list up-to-date and in-sync with the information in VulnDBs master list. After this initial sync is performed, there is daily sync, and a webhook-driven sync that happen between your Device42 instance and the Device42 vulnerability cloud instance:
One-time initial sync
Full Sync: A one-time, initial “full” sync takes place once the integration is activated. A list consisting simply of discovered software names and vendors [no identifying information] is synced up to the Device42 cloud. This initial, full sync takes the longest.
Incremental Daily Sync: The integration configures a daily incremental sync that pulls down any new vulnerabilities that were added to the Device42 master vulnerability database.
Webhook-based sync: The VulnDB webhook endpoint that was automatically created when you activated the integration handles syncing newly added Software and/or Vendor information with the Device42 vulnerability cloud instance. This webhook (like all Device42 webhooks) is triggered along with Device42’s audit-log entries. Note that as a side effect of this requirement, if a user of the VulnDB integration chooses to globally disable audit-logging, VulnDB-related events will still be logged to support the webhook-based sync. This webhook will be retried until it succeeds.
This webhook, which can not be deleted as long as the VulnDB integration is enabled, is visible in the webhook list, which is reachable from the Device42 main menu, Tools -> Webhook Endpoints:
Using the Device42 Software Vulnerability Management integration
Viewing Software Component Vulnerabilities
The Device42-VulnDB Software Vulnerability Management integration enables the quick and easy location of vulnerable software across your entire IT deployment. To find vulnerable software, view your Software Components from the Device42 main menu, Apps -> Software -> Software Components:
From this screen you can view, sort, and can search for specific software components. Each component line item includes the “Discovered Count”, which represents number of times each component has been discovered deployed somewhere in your environment, the “VulnDB Product Rating” for that component (if it has one), and finally the Vulnerability Count for that software component.
View specific software component vulnerability details
From the “Select Software Component to view” list screen, with the VulnDB integration enabled, you can simply click on a component name to view specific vulnerability details as available in the VulnDB database. Note that only software with a Vulnerability Count > 0 will have vulnerabilities listed; software components with a vulnerability count of 0 have no known vulnerability entries in the VulnDB database.
When you click a software component name, you will see the following information:
Vulnerability Details Explained
The following information is available for each vulnerability:
Vulnerability ID: The VulnDB-specific ID of the that specific vulnerability.
Title: A brief description of the vulnerability details.
Version: The version of the software that the listed vulnerability applies to.
CVSS Score: 1-10, 10 being the most severe. VulnDB rates vulnerability importance; remediate higher CVSS vulnerabilities first.
Published Date: The date the vulnerability was initially published.
Last Modified: The last time VulnDB modified this vulnerability entry.
Viewing details and remediation information for a specific vulnerability
To view detailed information about a particular vulnerability, including solution/remediation information, simply click the “Vulnerability ID” of the vulnerability of interest (labeled in above image, previous section).
Clicking a Vulnerability ID brings you to the detail page for that particular vulnerability; the following example information describes an authentication bypass vulnerability for MS SQL Server 2008 R2: