Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

 

 

 

Home > Success Center > Network Configuration Manager (NCM) > Not able to update Firmware Vulnerability Data in NCM

Not able to update Firmware Vulnerability Data in NCM

Table of contents
Created by Mariusz Handke, last modified by Mariusz Handke on Jan 24, 2017

Views: 1,696 Votes: 6 Revisions: 23

Updated: August 19, 2016

Overview

The National Institute of Standards and Technology (NIST) has recently made an update. This update limits SolarWinds NCM to download new Firmware Vulnerability Data. For more information check National Vulnerability Database (https://nvd.nist.gov/Data-Feeds/datafeedinfo). This data must now be downloaded directly from NIST, and then imported to NCM manually. 

Environment

  • NCM 7.4
  • There were some issues with Formatting in later NIST files.  NCM has fixed the search functionality in NCM v 7.5.

Steps

Verify the vulnerability announcements folder:

  1. Log in to the Web Console.
  2. Click Settings.
  3. Click Product Specific Settings >NCM Settings.
  4. Click Advanced > Firmware Vulnerability Settings.

  5. In Vulnerability Data Import Settings verify the location of the folder with vulnerability announcements XML data is stored, default location is C:\ProgramData\SolarWinds\NCM\Vuln\Xml

 

 

Download and import Firmware Vulnerability Data:

  1. Log into your SolarWinds NCM server

  2. Download the Firmware Vulnerability .zip file from NIST:
     

    http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-recent.xml.zip

    http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml.zip
     
  3. Extract the contents of the .zip files to C:\ProgramData\SolarWinds\NCM\Vuln\Xml

  4. Go back to the Firmware Vulnerability Settings and in Vulnerability Search Settings section click Run Now

    NOTE: Make sure that option "Direct urls to xml vulnerability announcements data files to be automatically downloaded and imported into database" is not selected.

 

For more information check Download and import Vulnerability data (http://www.solarwinds.com/documentation/orionNCM/docs/SolarWindsNCMVulnData.pdf). 

 

 

 

Last modified
03:26, 24 Jan 2017

Tags

Classifications

Public