Static Analysis - Updating NVD CVE data on an offline Axonius system

Offline Retrieval of NVD CVE Data

Customers who operate their own instance of the Axonius Platform without internet access cannot have their Installed Software lists enriched with CVE data from the NVD. This article shows how to fetch the NVD data packages on a machine with internet access and transfer them to the internal Axonius system.


Requirement

A single system with internet access is required to download the data packages from NVD on a periodic basis. Install ‘nvdtools’ on this machine, use it to download the respective packages, and then manually transfer them to the Axonius system. It is easier to use a non-Windows system for fetching and building the Go packages (Windows builds exist for a previous release [0.1.3], but they do not seem to work with current versions of the NVD packages).


Procedure

On the internet-facing machine: you need a Go environment to build the binaries used in the next step. See https://go.dev/doc/install for installation instructions.
Download and build the latest release of nvdtools from the official GitHub repository: https://github.com/facebookincubator/nvdtools/releases

Use the latest release (0.1.5), as it supports the v1.1 JSON format used by the NVD datasets.

The command line steps will look like this (run from your home directory; the module cache lives under $GOPATH, which defaults to ~/go):

# fetch the nvdtools module and its commands into the module cache
go install github.com/facebookincubator/nvdtools/...@latest
# change into the cmd directory of the cached 0.1.5 release
cd go/pkg/mod/github.com/facebookincubator/nvdtools@v0.1.5/cmd/
go install ./...
# initialise a module so the Makefile build can resolve dependencies
go mod init github.com/facebookincubator/nvdtools
go mod tidy
make
# copy the built binaries (nvdsync and friends) onto your PATH
cp build/bin/* ~/go/bin/


Then, on the internet-facing machine, run the following command in the extracted nvdtools folder from step 1:

nvdsync -cve_feed cve-1.1.json.gz artifacts


Transfer all the files inside the created `artifacts` directory to the internal network.
From an internal computer, run the following SCP command to update the NVD DB files on the Axonius system (replace `tmp_folder` with the transferred directory and `customer@IP` with the Axonius login and address):

scp -r tmp_folder customer@IP:/home/ubuntu/cortex/plugins/static_analysis/nvd_nist/artifacts

(Alternatively, replace the `artifacts` folder on the Axonius machine with the transferred content; the path to replace is `/home/ubuntu/cortex/plugins/static_analysis/nvd_nist/artifacts`.)

In the next cycle, the new DB is used automatically.

Repeat

Re-running the `nvdsync` command on the internet-facing machine downloads the latest packages; these again need to be transferred to the internal network and then copied to the Axonius system via SCP.
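The fetch, transfer and install steps above, wrapped as a small POSIX shell script with an integrity check added. This is an added example, not code from the Axonius article or the nvdtools project. It assumes `nvdsync` is on PATH on the internet-facing machine, that GNU coreutils (`sha256sum`, `gzip`, `find`, `xargs`) are present on both sides, and that `customer@IP` is replaced by the real Axonius login. A `SHA256SUMS` manifest is written next to the feeds on the internet-facing side so the internal side can confirm that nothing was corrupted or altered in transit before the live `artifacts` directory is replaced.

```shell
#!/bin/sh
# Added example (not from the Axonius article or nvdtools): fetch the NVD v1.1
# feeds, record an integrity manifest, and only install a verified copy.
# Assumptions: nvdsync on PATH (internet-facing side); GNU coreutils on both sides.

ARTIFACTS_DIR="${ARTIFACTS_DIR:-artifacts}"
# Destination path on the Axonius machine, as given in the article.
AXONIUS_NVD_DIR="/home/ubuntu/cortex/plugins/static_analysis/nvd_nist/artifacts"

# Internet-facing machine: download the feeds exactly as the article does.
fetch_feeds() {
    nvdsync -cve_feed cve-1.1.json.gz "$ARTIFACTS_DIR"
}

# Internet-facing machine: confirm every downloaded gzip is intact, then write a
# SHA-256 manifest of all feed files (searched recursively, whatever layout
# nvdsync used). Fails if no feed files exist or any archive is corrupt, so a
# bad download is never carried across the air gap.
make_manifest() {
    dir="$1"
    (
        cd "$dir" || exit 1
        find . -type f -name '*.json.gz' | sort > .feedlist
        [ -s .feedlist ] || { echo "no feed files under $dir" >&2; exit 1; }
        while IFS= read -r f; do
            gzip -t "$f" || { echo "corrupt feed: $f" >&2; exit 1; }
        done < .feedlist
        xargs sha256sum < .feedlist > SHA256SUMS
        rm -f .feedlist
    )
}

# Internal machine: recompute every hash and compare with the manifest that
# travelled with the files. Non-zero exit means at least one file changed.
verify_manifest() {
    dir="$1"
    ( cd "$dir" && sha256sum -c --quiet SHA256SUMS )
}

# Internal machine: replace the Axonius artifacts only after verification passes.
install_feeds() {
    dir="$1"
    host="$2"   # e.g. customer@IP from the article (placeholder)
    verify_manifest "$dir" || { echo "refusing to install unverified feeds" >&2; return 1; }
    scp -r "$dir"/. "$host:$AXONIUS_NVD_DIR"/
}
```

On the internet-facing side run `fetch_feeds && make_manifest "$ARTIFACTS_DIR"`, copy the whole directory (including `SHA256SUMS`) inward, and on the internal side run `install_feeds /path/to/transferred customer@IP`. Because `verify_manifest` gates `install_feeds`, a truncated copy or a file modified on the removable media is rejected before it can reach the Axonius `artifacts` path; the next fetch cycle simply repeats the same three calls.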
