Friday, October 1, 2010

Quest for Correlation

I wasn't completely satisfied with the work I did tying Bigfix to BASE. It was working for me, but it required a few mouse clicks to see if a machine was actually vulnerable to an attack because it was missing a patch or an application update.

Bigfix keeps track of Microsoft patches and also some third-party applications, and the CVE number is available for each. It was pretty easy to query this information from Bigfix WebReports via PHP, and somewhat easy to modify BASE to take the CVE number out of the alert and compare it to what Bigfix returns.

I opted to do this on the Unique IP Links screen, so that I could control more easily when the query would go out to the Bigfix server, and also because I typically use that screen to get an overview of what systems are alerting. When Bigfix shows a computer has the CVE that matches the alert, the fully qualified name is displayed in red font.
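The correlation step described above, as an added example in plain PHP rather than the author's actual BASE modifications: it pulls CVE ids out of an alert's Snort-style reference strings, checks them against a lookup table standing in for the Bigfix WebReports result (the table layout, the CVE id and the hostnames are all constructed for the example), and renders the hostname in red only when Bigfix still reports the host as missing the fix.

```php
<?php
// Added example, not the author's BASE patch. The Bigfix result shape and
// all sample values below are constructed assumptions.

// Pull CVE ids out of Snort/BASE reference strings such as "cve,2010-0000"
// or "CVE-2010-0000"; returns normalised "CVE-YYYY-NNNN" identifiers.
function extract_cves(array $references): array {
    $ids = [];
    foreach ($references as $ref) {
        if (preg_match_all('/cve[,\-\s]*(\d{4})-(\d{4,})/i', $ref, $m, PREG_SET_ORDER)) {
            foreach ($m as $hit) {
                $ids[] = 'CVE-' . $hit[1] . '-' . $hit[2];
            }
        }
    }
    return array_values(array_unique($ids));
}

// $vulnerable maps CVE id => FQDNs that Bigfix reports as still missing the
// fix (constructed stand-in for a WebReports query result).
// Returns the subset of the alert's CVEs that apply to $fqdn.
function host_exposure(string $fqdn, array $alert_refs, array $vulnerable): array {
    $fqdn = strtolower($fqdn);
    $hits = [];
    foreach (extract_cves($alert_refs) as $cve) {
        $hosts = array_map('strtolower', $vulnerable[$cve] ?? []);
        if (in_array($fqdn, $hosts, true)) {
            $hits[] = $cve;
        }
    }
    return $hits;
}

// Render the hostname for the Unique IP Links screen: red when Bigfix
// confirms the host is missing a patch for one of the alert's CVEs.
// Output is HTML-escaped so a hostile hostname cannot inject markup.
function render_host(string $fqdn, array $alert_refs, array $vulnerable): string {
    $hits = host_exposure($fqdn, $alert_refs, $vulnerable);
    $safe = htmlspecialchars($fqdn, ENT_QUOTES, 'UTF-8');
    if ($hits === []) {
        return $safe;
    }
    $title = htmlspecialchars(implode(', ', $hits), ENT_QUOTES, 'UTF-8');
    return "<span style=\"color:red\" title=\"missing fix for $title\">$safe</span>";
}

// Constructed sample data: placeholder CVE id, made-up hostnames.
$alert_refs = ['cve,2010-0000', 'url,example.invalid/advisory'];
$vulnerable = ['CVE-2010-0000' => ['ws01.corp.example', 'ws07.corp.example']];
echo render_host('WS01.corp.example', $alert_refs, $vulnerable), "\n"; // red span
echo render_host('ws02.corp.example', $alert_refs, $vulnerable), "\n"; // plain text
```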

The two BASE files I changed are base_signatures_inc.php (to get the CVE number from the alert) and base_stat_iplink.php (to run the Bigfix query and display the hostname in red). If you want to know more about how I did this, or want the files themselves, drop me an email.
