Title
#general
Mystery Incorporated

Mystery Incorporated

06/19/2021, 3:22 PM
Is anyone using osquery to check software against CVEs for vulnerabilities?
spookerlabs

spookerlabs

06/19/2021, 4:25 PM
I think you will like this issue https://github.com/fleetdm/fleet/issues/405
Mystery Incorporated

Mystery Incorporated

06/19/2021, 4:42 PM
Thanks, ah ok so it's not possible yet? But fleetdm should do it in the future?
s

seph

06/19/2021, 5:30 PM
I’ve done this as a PoC. There’s a lot to build.
5:30 PM
osquery will give you a package/application/whatever and their reported version. Matching those to CVEs requires some work. I don’t think I’ve seen an OSS implementation
Mystery Incorporated

Mystery Incorporated

06/19/2021, 7:42 PM
wazuh is an OSS implementation doing it, but now I realise that you mean an OSS implementation using osquery.
s

seph

06/19/2021, 8:02 PM
That fleet issue has lots of good links to dive into.
l

Liam

06/20/2021, 9:26 AM
We use https://github.com/facebookincubator/nvdtools internally to do this - have a Query that returns in CPE format and then persist that into a Cassandra DB and our Data platform