Submit a ticketCall us

Putting Your Logs Where They Belong with the New SolarWinds Log Manager for Orion

The new SolarWinds® Log Manager for Orion® finally puts your log data right where it belongs, in the heart of your Orion console. Gain insight into the performance of your infrastructure by monitoring your logs in a unified console allowing you to see a wealth of information about the health and performance of your network and servers.

Reserve a Seat for Wednesday May 23rd 11am CDT | Reserve a Seat for Tuesday May 22nd 10:30am GMT | Reserve a Seat for Tuesday May 22nd 1pm SGT / 3pm AEST

Home > Success Center > Network Configuration Manager (NCM) > Not able to update Firmware Vulnerability Data in NCM

Not able to update Firmware Vulnerability Data in NCM

Table of contents

Updated December 19th, 2017

Overview

The National Institute of Standards and Technology (NIST) has recently made an update. This update limits SolarWinds NCM to download new Firmware Vulnerability Data. For more information check National Vulnerability Database (https://nvd.nist.gov/Data-Feeds/datafeedinfo). This data must now be downloaded directly from NIST, and then imported to NCM manually. 

Environment

  • NCM 7.4 
  • There were some issues with Formatting in later NIST files.  NCM has fixed the search functionality in NCM v 7.5. 

Steps

Verify the vulnerability announcements folder:

  1. Log in to the Web Console.
  2. Click Settings.
  3. Click Product Specific Settings >NCM Settings.
  4. Click Advanced > Firmware Vulnerability Settings.

  5. In Vulnerability Data Import Settings verify the location of the folder with vulnerability announcements XML data is stored, default location is C:\ProgramData\SolarWinds\NCM\Vuln\Xml

  6. Log into your SolarWinds NCM server

  7. Download the Firmware Vulnerability .zip file from NIST:
     

    http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-recent.xml.zip

    http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml.zip
     
  8. Extract the contents of the .zip files into the folder (see above).

  9. Go back to the Firmware Vulnerability Settings and in Vulnerability Search Settings section click Run Now.

    NOTE: Make sure that option "Direct urls to xml vulnerability announcements data files to be automatically downloaded and imported into database" is not selected otherwise NCM will attempt to retrieve files from NIST and will fail.

 

For more information check Download and import Vulnerability data

(http://www.solarwinds.com/documentation/orionNCM/docs/SolarWindsNCMVulnData.pdf).

Last modified

Tags

Classifications

Public