    Static vuln sets

    John M Sopp

      I would like to create a static vuln set without having to:

      1. Stop FSUpdate
      2. Check each vuln we want to use individually


      Take the use case for creating a vuln set including ONLY high rated vulnerabilities and No Intrusive checks, where this check set remains static, as we will want to base future scans across a month on the same vulns set for like comparison.

      MVM version 7.5.0

      We have tried to use the search feature in MVM while creating a vuln set, but it did not work. (Used the following steps.)

      • create a new vuln set - tree based
      • display by category name - make sure everything is de-selected
      • search by risk level=high
      • check the non-intrusive branch, de-select any categories not desired to scan
      • clear search just to verify nothing informational, low, or medium was selected.

      Result: Nothing at all appears to be checked, so we can't even move on to the next step to disable new checks (de-select "run new checks").


      All help is appreciated!


          Hi John,


          I've been thinking about this in conjunction with the question I posted about this, and in my case, the only way I see to be able to do this is to have a scan engine that doesn't update fsl scripts.  In our case however, it's just not practical as the scan I want to do the validation with touches 45,000 machines and runs across 6 scan engines.


          In playing with what Cathy suggested, and I think what you referred to in creating a new vuln set, I found if I create a new scan based on my vuln set, preview it, then "un-preview" it, the selected vulns will remain checked and I can click the advanced button to display the "run new checks" check-box.


          The problem I see with that however is in the case of a check that has been updated, how does MVM determine how to do this?  Are the old fsl scripts kept and somewhere in the job the old fsl script is kept static?  Or is an updated script technically not a new script so it will run against the updated script which might include a patch/workaround that didn't exist before?  To explain better, if I create a scan today, and it includes 111111.fsl, and I run the same scan again in 30 days and 111111.fsl has been updated, will there be a new 111111a.fsl, and if so, does the original 111111.fsl remain on the system and is it referenced somewhere in the scan job?  Or is 111111.fsl overwritten with the updated check and keeps the same name?  Hope that's understandable!



            John M Sopp

            Thanks for the workaround via the preview/unpreview. It works!  I hope some time in development is spent on revamping the vuln selection though - not a big fan of leveraging workarounds for key tasks.

              Cool. Glad it works!


              I agree with you.  Not a big fan of chewing gum and duct tape either (but somehow always finding myself resorting to that!)

                I'm glad to see the collaboration.  Thanks Joe.  Sorry you feel that way about duct tape and gum...