Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Network Configuration Manager (NCM) > Not able to update Firmware Vulnerability Data in NCM

Not able to update Firmware Vulnerability Data in NCM

Table of contents
Created by Mariusz Handke, last modified by Mariusz Handke on Dec 19, 2017

Views: 2,335 Votes: 6 Revisions: 26

Updated: August 19, 2016

Overview

The National Institute of Standards and Technology (NIST) has recently made an update. This update limits SolarWinds NCM to download new Firmware Vulnerability Data. For more information check National Vulnerability Database (https://nvd.nist.gov/Data-Feeds/datafeedinfo). This data must now be downloaded directly from NIST, and then imported to NCM manually. 

Environment

  • NCM 7.4 and later
  • There were some issues with Formatting in later NIST files.  NCM has fixed the search functionality in NCM v 7.5.

Steps

Verify the vulnerability announcements folder:

  1. Log in to the Web Console.
  2. Click Settings.
  3. Click Product Specific Settings >NCM Settings.
  4. Click Advanced > Firmware Vulnerability Settings.

  5. In Vulnerability Data Import Settings verify the location of the folder with vulnerability announcements XML data is stored, default location is C:\ProgramData\SolarWinds\NCM\Vuln\Xml

  6. Log into your SolarWinds NCM server

  7. Download the Firmware Vulnerability .zip file from NIST:
     

    http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-recent.xml.zip

    http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml.zip
     
  8. Extract the contents of the .zip files into the folder (see above).

  9. Go back to the Firmware Vulnerability Settings and in Vulnerability Search Settings section click Run Now.

    NOTE: Make sure that option "Direct urls to xml vulnerability announcements data files to be automatically downloaded and imported into database" is not selected otherwise NCM will attempt to retrieve files from NIST and will fail.

 

For more information check Download and import Vulnerability data

(http://www.solarwinds.com/documentation/orionNCM/docs/SolarWindsNCMVulnData.pdf).

Last modified

Tags

Classifications

Public