Level 8

CVE Feeds now compressed?

Hi,

I noticed that the NVD site recently changed the way that it presents vulnerability feeds from non-compressed to compressed:

pastedImage_0.png

This means I now get an error every time NCM tries to grab the latest vulnerability info as it's looking for the xml:

pastedImage_1.png

Are people running a local winzip type tool on their polling engines to decompress the feeds before Solarwinds does the import? Or is there another location where I can point NCM to an uncompressed (and reliable) feed?

Thanks in advance

Darren

0 Kudos
7 Replies
Level 12

Just came across this same issue and I quickly put this PowerShell together -

(New-Object Net.WebClient).DownloadFile('http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.zip','C:\Temp\nvdcve-2.0-Modified.x... -com shell.application).namespace('C:\ProgramData\SolarWinds\NCM\Vuln\Xml').CopyHere((new-object -com shell.application).namespace('C:\Temp\nvdcve-2.0-Modified.xml.zip').Items(),16);

(New-Object Net.WebClient).DownloadFile('http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Recent.xml.zip','C:\Temp\nvdcve-2.0-Recent.xml.z... -com shell.application).namespace('C:\ProgramData\SolarWinds\NCM\Vuln\Xml').CopyHere((new-object -com shell.application).namespace('C:\Temp\nvdcve-2.0-Recent.xml.zip').Items(),16);

0 Kudos
Level 8

Yea I did something similar.

Save the below as a ps1 file, like nvdupdate.ps1.

#Variables
$SOURCEDIR = "C:\ProgramData\Solarwinds\NCM\Vuln\Source"
$TARGETDIR = "C:\ProgramData\Solarwinds\NCM\Vuln\Xml"
$ErrorActionPreference = "Stop"

#Check if source directory exists, if not create
if (!(Test-Path -Path $SOURCEDIR)) {
    New-Item -ItemType Directory -Path $SOURCEDIR
}

#Check if target directory exists, if not create
if (!(Test-Path -Path $TARGETDIR)) {
    New-Item -ItemType Directory -Path $TARGETDIR
}

Write-Host "Cleanup of old files..." -ForegroundColor Yellow

#Remove previous zip and extracted xml files older than 6 days.
#This runs before the download: overwriting an existing zip keeps its original
#CreationTime, so a cleanup after the download would delete the fresh file.
Get-ChildItem $SOURCEDIR -Recurse | Where-Object {-not $_.PSIsContainer -and $_.CreationTime -lt (Get-Date).AddDays(-6)} | Remove-Item
Get-ChildItem $TARGETDIR -Recurse | Where-Object {-not $_.PSIsContainer -and $_.CreationTime -lt (Get-Date).AddDays(-6)} | Remove-Item

Write-Host "Starting retrieval..." -ForegroundColor Yellow

#Retrieve the compressed NVD Data Feeds
#(Invoke-WebRequest is the cmdlet behind the wget alias in Windows PowerShell)
Invoke-WebRequest -Uri https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.zip -OutFile "$SOURCEDIR\nvdcve-2.0-Modified.xml.zip"
Invoke-WebRequest -Uri https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Recent.xml.zip -OutFile "$SOURCEDIR\nvdcve-2.0-Recent.xml.zip"

Write-Host "Uncompress new files to directory..." -ForegroundColor Yellow

#Unzip the compressed NVD Data Feeds
#(ExtractToDirectory throws if the xml already exists in the target directory)
Add-Type -AssemblyName "System.IO.Compression.FileSystem"
[IO.Compression.ZipFile]::ExtractToDirectory("$SOURCEDIR\nvdcve-2.0-Modified.xml.zip", "$TARGETDIR")
[IO.Compression.ZipFile]::ExtractToDirectory("$SOURCEDIR\nvdcve-2.0-Recent.xml.zip", "$TARGETDIR")

#Complete update
Write-Host "Update complete." -ForegroundColor Green

You can import the below into task manager to get it to run on a schedule, change the highlighted parts to fit your config.  Save the below as an XML to import into Task Manager.

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>Dateyouwantforcreate</Date>
    <Author>Yourname</Author>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2015-01-24T12:00:00Z</StartBoundary>
      <Enabled>true</Enabled>
      <ScheduleByWeek>
        <DaysOfWeek>
          <Sunday />
        </DaysOfWeek>
        <WeeksInterval>1</WeeksInterval>
      </ScheduleByWeek>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>true</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>false</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>
    <Priority>7</Priority>
    <RestartOnFailure>
      <Interval>PT1M</Interval>
      <Count>3</Count>
    </RestartOnFailure>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>PowerShell</Command>
      <Arguments>.\nvdcve-update.ps1</Arguments>
      <WorkingDirectory>C:\SetupWS</WorkingDirectory>
    </Exec>
  </Actions>
</Task>
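
A check that can sit between the download and the NCM import directory in the scripts above, as an added example that is not part of the original posts: it inspects the archive before unpacking, refuses anything that is not a single well-formed XML file, and overwrites last week's copy instead of failing on it. Expand-NvdFeed and the size ceiling are hypothetical, and the code assumes each feed zip holds one entry named after the archive (nvdcve-2.0-Modified.xml inside nvdcve-2.0-Modified.xml.zip).

```powershell
# Added example, not from the thread. Expand-NvdFeed is a hypothetical helper name.
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Expand-NvdFeed {
    param(
        [string]$ZipPath,          # downloaded archive
        [string]$TargetDir,        # directory NCM imports from
        [long]$MaxBytes = 500MB    # assumed ceiling on the unpacked size
    )
    $expected = [IO.Path]::GetFileNameWithoutExtension($ZipPath)   # e.g. nvdcve-2.0-Modified.xml
    $zip = [IO.Compression.ZipFile]::OpenRead($ZipPath)
    try {
        # Exactly one entry, named after the archive, with no directory component
        if ($zip.Entries.Count -ne 1) { throw "expected 1 entry, found $($zip.Entries.Count)" }
        $entry = $zip.Entries[0]
        if ($entry.FullName -ne $expected) { throw "unexpected entry name '$($entry.FullName)'" }
        if ($entry.Length -gt $MaxBytes) { throw "entry is $($entry.Length) bytes, over the limit" }
        # Unpack to a temp file first so a bad file never lands in the import directory
        $tmp = Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName())
        [IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $tmp, $true)
    } finally { $zip.Dispose() }

    try {
        # The file must parse as XML; DTDs and external entities are refused
        $settings = New-Object System.Xml.XmlReaderSettings
        $settings.DtdProcessing = [System.Xml.DtdProcessing]::Prohibit
        $settings.XmlResolver = $null
        $stream = [IO.File]::OpenRead($tmp)
        try {
            $reader = [System.Xml.XmlReader]::Create($stream, $settings)
            while ($reader.Read()) { }
        } finally { $stream.Dispose() }
        $final = Join-Path $TargetDir $expected
        [IO.File]::Copy($tmp, $final, $true)    # overwrite the previous copy
        return $final
    } finally { Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue }
}

# Constructed sample: a one-entry archive built in a temp directory
$demo = Join-Path ([IO.Path]::GetTempPath()) ('nvd-demo-' + [IO.Path]::GetRandomFileName())
New-Item -ItemType Directory -Path "$demo\src", "$demo\out" | Out-Null
Set-Content -Path "$demo\src\nvdcve-2.0-Modified.xml" -Value '<nvd><entry id="PLACEHOLDER"/></nvd>'
[IO.Compression.ZipFile]::CreateFromDirectory("$demo\src", "$demo\nvdcve-2.0-Modified.xml.zip")
Expand-NvdFeed -ZipPath "$demo\nvdcve-2.0-Modified.xml.zip" -TargetDir "$demo\out"
```
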

Level 9

Thanks, this was very helpful.

0 Kudos
Level 8

Same issue here.  What are folks doing to make these available?

I was just thinking you could use PowerShell to get the latest file and extract it to a place on the NPM server for retrieval.

0 Kudos
Level 8

Yep that’s as far as I got but I’m not sure how to script it to run every week.

I might have a look at this:

https://whileloop.wordpress.com/2010/03/13/running-powershell-scripts-as-scheduled-task-like-cronjobs-for-windows/

Darren Hogan // Operations Director


0 Kudos
Level 8

Thanks for the quick reply.

I've got some running as scheduled tasks using something like that link.  Once I get this up and running I'll share.

0 Kudos
Level 10

Encountered the same issue as well. Would hope that NCM can handle the compressed files.

0 Kudos