Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Network Configuration Manager (NCM) > Not able to update Firmware Vulnerability Data in NCM

Not able to update Firmware Vulnerability Data in NCM

Table of contents
Created by Mariusz Handke, last modified by Mariusz Handke on Jan 24, 2017

Views: 217 Votes: 6 Revisions: 23

Updated: August 19, 2016

Overview

The National Institute of Standards and Technology (NIST) has recently made an update. This update limits SolarWinds NCM to download new Firmware Vulnerability Data. For more information check National Vulnerability Database (https://nvd.nist.gov/Data-Feeds/datafeedinfo). This data must now be downloaded directly from NIST, and then imported to NCM manually. 

Environment

  • NCM 7.4
  • There were some issues with Formatting in later NIST files.  NCM has fixed the search functionality in NCM v 7.5.

Steps

Verify the vulnerability announcements folder:

  1. Log in to the Web Console.
  2. Click Settings.
  3. Click Product Specific Settings >NCM Settings.
  4. Click Advanced > Firmware Vulnerability Settings.

  5. In Vulnerability Data Import Settings verify the location of the folder with vulnerability announcements XML data is stored, default location is C:\ProgramData\SolarWinds\NCM\Vuln\Xml

 

 

Download and import Firmware Vulnerability Data:

  1. Log into your SolarWinds NCM server

  2. Download the Firmware Vulnerability .zip file from NIST:
     

    http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-recent.xml.zip

    http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml.zip
     
  3. Extract the contents of the .zip files to C:\ProgramData\SolarWinds\NCM\Vuln\Xml

  4. Go back to the Firmware Vulnerability Settings and in Vulnerability Search Settings section click Run Now

    NOTE: Make sure that option "Direct urls to xml vulnerability announcements data files to be automatically downloaded and imported into database" is not selected.

 

For more information check Download and import Vulnerability data (http://www.solarwinds.com/documentation/orionNCM/docs/SolarWindsNCMVulnData.pdf). 

 

 

 

Last modified
03:26, 24 Jan 2017

Tags

Classifications

Public