Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
614 Views 4 Replies Latest reply: Feb 14, 2013 7:01 PM by cgrim RSS
John M Sopp The Place at McAfee Member 88 posts since
Nov 17, 2009
Currently Being Moderated

Feb 13, 2013 8:16 AM

Static vuln sets

I would like to create a static vuln set without having to

  1. Stop FSUpdate
  2. Check each vuln we want to use individually

 

Take the use case for creating a vuln set including ONLY high rated vulnerabilities and No Intrusive checks, where this check set remains static, as we will want to base future scans across a month on the same vulns set for like comparison.

MVM version 7.5.0

We have tried to use the search feature in mvm while creating a vuln set, but it did not work.(used the following steps)

  • create a new vuln set-tree based
  • display by category name-make sure everything is de-selected
  • search by risk level=high
  • check the non intrusive branch, de-select any categories not desired to scan
  • clear search just to verify nothing information,low, or medium was selected.

Result: Nothing at all appears to be checked, so we cant even move on to the next step to disable new checks(de-select "run new checks")

 

All help is appreciated!

-John

  • vfguy11 Newcomer 25 posts since
    Oct 17, 2012
    Currently Being Moderated
    1. Feb 13, 2013 10:23 AM (in response to John M Sopp)
    Re: Static vuln sets

    Hi John,

     

    I've been thinking about this in conjunction with the question I posted about this, and in my case, the only way I see to be able to do this is to have a scan engine that doesn't update fsl scripts.  In our case however, it's just not practical as the scan I want to do the validation with touches 45,000 machines and runs across 6 scan engines.

     

    In playing with what Cathy suggested, and I think what you referred to in creating a new vuln set, I found if I create a new scan based on my vuln set, preview it, then "un-preview" it, the selected vulns will remained checked and I can click the advanced button to display the "run new checks" check-box.

     

    The problem I see with that however is in the case of a check that has been updated, how does MVM determine how to do this?  Are the old fsl scripts kept and somewhere in the job the old fsl script is kept static?  Or is an updated script technically not a new script so it will run against the updated script which might include a patch/workaround that didn't exist before.  To explain better, if I create a scan today, and it includes 111111.fsl, and I run the same scan again in 30 days and 111111.fsl has been updated, will there be a new 111111a.fsl, and if so, does the original 111111.fsl remain on the system and is referenced somewhere in the scan job.  OR, is 111111.fsl overwritten with the updated check and keeps the same name.  Hope that's understandable!

     

    Joe.

  • vfguy11 Newcomer 25 posts since
    Oct 17, 2012
    Currently Being Moderated
    3. Feb 13, 2013 2:55 PM (in response to John M Sopp)
    Re: Static vuln sets

    Cool. glad it works!

     

    I agree with you.  Not a big fan of chewing gum and duct tape either (but somehow always finding myself resorting to that!)

  • Community Leader 479 posts since
    Nov 3, 2009
    Currently Being Moderated
    4. Feb 14, 2013 7:01 PM (in response to vfguy11)
    Re: Static vuln sets

    I'm glad to see the collaboration.  Thanks Joe.  Sorry you feel that way about duct tape and gum...

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points