We have numerous PA firewalls that alert for vulnerabilities. I also have a product that scans for vulnerabilities in my network. The scanning device has CVE numbers in its events. The PA has PA's unique identifier in its event. Is there a way for me to pull in the CVE into the Pans threat event so I can correlate the PANs threat events to my existing vulnerability events based on CVE number?
Hello, Chuck, and good morning to you sir!
First, this appears to be a question better suited for the general discussion forum as it doesn't appear to pertain to custom signatures.
However, I would like to point out that if you click on a value populating the "NAME" column in the threat monitor, the metadata for that threat name should appear like so:
The CVE associated is part of this metadata. I don't believe a separate column can be created.
Welcome to our community.
You can issue a configuration-mode command, like below:
admin@Luciano-PA-VM# show predefined threats vulnerability [press ENTER, don't press tab or ?]
and you will get JSON output where you will have the CVE description:
threatname "HP Data Protector OmniInet Opcode Buffer Overflow Vulnerability";
threatname "HP Data Protector OmniInet Opcode 27 Buffer Overflow Vulnerability";
I think this is the only way to get something usable/useful. You could probably run a script once a day (because you don't get updates more often) and just populate your fields with the threat ID vs. the CVE.
Hope it helps, AFAIK this is the only (remotely) functional way to do it.
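A sketch of the once-a-day script suggested in the reply above, as an added example that is not code from the thread or from Palo Alto Networks. It assumes the saved CLI output is brace-nested with one numeric threat ID per entry; the sample's layout, IDs and CVE numbers are constructed placeholders, and only the two threatname strings come from the post.

```python
import re

# Constructed sample: only the two HP threatname strings come from the post.
# Nesting, "cve" field layout, IDs and CVE numbers are placeholder assumptions.
SAMPLE = '''
vulnerability {
  90001 {
    threatname "HP Data Protector OmniInet Opcode Buffer Overflow Vulnerability";
    cve [ CVE-0000-0001 CVE-0000-0002 ];
  }
  90002 {
    threatname "HP Data Protector OmniInet Opcode 27 Buffer Overflow Vulnerability";
    cve cve-0000-0003;
  }
  90003 {
    threatname "Constructed entry {no CVE}";
  }
}
'''

ID_OPEN = re.compile(r'^\s*(\d+)\s*\{\s*$')
NAME = re.compile(r'^\s*threatname\s+"(.*)";\s*$')
CVE = re.compile(r'\bCVE-\d{4}-\d{4,}\b', re.IGNORECASE)

def parse_threats(text):
    """Return {threat_id: {"name": str, "cves": [str, ...]}}."""
    threats, current, depth = {}, None, 0
    for line in text.splitlines():
        opened = ID_OPEN.match(line)
        if current is None:
            if opened:  # a numeric key opens one threat entry
                current, depth = opened.group(1), 1
                threats[current] = {"name": "", "cves": []}
            continue
        bare = re.sub(r'"[^"]*"', '', line)  # ignore braces inside quoted names
        depth += bare.count("{") - bare.count("}")
        if depth <= 0:  # the entry's closing brace
            current = None
            continue
        if (name := NAME.match(line)):
            threats[current]["name"] = name.group(1)
        for cve in CVE.findall(bare):  # any CVE token inside the entry
            if cve.upper() not in threats[current]["cves"]:
                threats[current]["cves"].append(cve.upper())
    return threats

def lookup_rows(threats):
    """(threat_id, cve) pairs, one per row, for a SIEM lookup table."""
    return [(tid, cve) for tid in sorted(threats, key=int) for cve in threats[tid]["cves"]]
```

Joining the firewall threat events to these rows on threat ID, and the scanner events on CVE, gives the correlation asked for in the question; entries without a CVE produce no row.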