Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
s
SK
12/21/2021, 2:15 PMHey all, great improvements in the latest Fleet version 🎉😛artyparrot: I was wondering is there a way at this moment to search based on CVE? I saw that future versions might hold this feature but I was wondering if there is a workaround I can use at this moment.
l
Lucas Rodriguez
12/21/2021, 2:16 PMHi SK! Let me check with the team and I'll get back to you.
I was wondering is there a way at this moment to search based on CVE?Do you mean to filter the vulnerable detected software by some CVE entered by the user?
E.g. "of all the vulnerable software only list those affected by CVE-X-Y"
n
Noah Talerman
12/21/2021, 3:59 PMHey SK, the ability to search by CVE is tracked in the following GitHub issue here: https://github.com/fleetdm/fleet/issues/2814
The ability to search for a specific CVE is planned for an upcoming release of Fleet.
s
SK
12/21/2021, 4:10 PMHey @Lucas Rodriguez Yes the idea is, to filter the vulnerable software based on CVE that is detected
Hey @Noah Talerman I indeed saw this one but was not clear for me what the timeframe would be, that is why I was thinking on a workaround for now
n
Noah Talerman
12/21/2021, 4:18 PMwas not clear for me what the timeframe would beAh. This improvement will likely be added in early to late Feb 2022 (~1.5-2 months)
l
Lucas Rodriguez
12/21/2021, 4:27 PMOne way to workaround this is to use the
fleetctl get hostsIn my local test I did:
fleetctl get hosts $my_test_hostname > test.txt
# In test.txt I found the following (the test host has a sqlite version that has a CVE):
- generated_cpe: cpe:2.3:a:sqlite:sqlite:3.36.0:*:*:*:*:*:*:*
id: 398
name: sqlite
source: homebrew_packages
version: 3.36.0
vulnerabilities:
- cve: CVE-2021-36690
details_link: <https://nvd.nist.gov/vuln/detail/CVE-2021-36690>😛artyparrot: 2
s
SK
12/21/2021, 4:33 PMOw that is a great idea @Lucas Rodriguez thanks.
👍 1
It seems to only work when querying individual hosts and not all at once...
Figured it out, not host based but if I retrieve the software list in json format I also get all the CVE's
👍 1