Is the VulnCheck cpe’s up now? how can we upgrade ...
# fleeto
Ojas
04/23/2024, 11:07 AMIs the VulnCheck cpe’s up now? how can we upgrade to that ?
l
Lucas Rodriguez
04/23/2024, 1:44 PMHi @Ojas! Fleet with VulnCheck CPE enrichment is being released in fleet v4.49.0 (ETA: some time this week)
o
Ojas
04/23/2024, 1:44 PMAh sweet, thanks Lucas for the update.
Ojas
04/25/2024, 6:12 AMSo do we have to do any change or like add vulncheck api or is that all done automatically on backend ?
k
Kathy Satterlee
04/25/2024, 4:17 PMThat's all covered in Fleet.
o
Ojas
04/25/2024, 6:21 PMThanks for the update @Kathy Satterlee
But since i am not seeing the vulns being sent to automation webhook i am worried it might be broken somehow.
also in logs i see
{“cron”“vulnerabilities”,“level”“info”,“msg”:“skipping cve_meta parsing due to license check”,“ts”“2024 04 25T0700:54.456870618Z”}
so is this a premium feature now ?
l
Lucas Rodriguez
04/26/2024, 3:07 PMHi @Ojas
so is this a premium feature now ?Only the CVE metadata is premium (like CVSS score, known exploits, etc.)
k
Kathy Satterlee
04/26/2024, 3:10 PMAre there specific new vulnerabilities in your environment that you’d expect to trigger the webhook?
How long has it been since the webhook was triggered?
o
Ojas
04/26/2024, 7:11 PMit’s been a while i think since NVD stopped we havent seen new vulns from fleet.
And since the upgrade i see the number in fleet changing for vulns but still nothing goes to webhook 😕
Ojas
04/26/2024, 7:12 PMI was expecting it to be back to normal when vluncheck was pushed but still somehow we dont see new vulns coming in. Like we have known vulns of chrome version. but it’s not coming inf rom fleet to us by webhook
Ojas
04/29/2024, 7:15 AManything on this? any ideas how i can debug it?
it seems like a urgent problem now in my environment if it’s not affecting others
l
Lucas Rodriguez
04/29/2024, 2:48 PMHi @Ojas! But can you see the vulnerabilities in the UI? (If you go to Software -> Vulnerabilities)
o
Ojas
04/29/2024, 2:50 PMhey @Lucas Rodriguez
Yes i see these in UI and i do see the number changin as well. Few days back it was 356 and now its 486.
But the webhook we use to send these dosent have anything. We even tried with custom payload to see if webhook is workign and it turned out to be fine.
So now i am worried that something from fleet side is not working and i tried hunting in fleet logs but i dont see anything there
l
Lucas Rodriguez
04/29/2024, 2:51 PMOK cool, so seems vulnerabilities are working (being detected) but the webhook is not working, correct?
o
Ojas
04/29/2024, 2:51 PMyes the automation which should be sending these vulns to webhook is not working
Ojas
05/03/2024, 5:23 AMStill looking for a solution on this one.