In regards to fleetdm and the vulnerability database, it's been working great for us as in it reports what it can find with no false positives so far - which is great. However, I've been doing some comparing with Greenbone Vulnerability Manager and can't help but notice that GVM covers a lot more (for partly obvious reasons) - but in regards to verifying vulnerable installed software, GVM does cover Ubuntu security updates which fleet does not seem to do, at least not in v4.11.0.
https://ubuntu.com/security/notices/USN-5325-1 is caught by GVM and confirmed vulnerable, but the software package is not listed as vulnerable with the NVD feed and as such, not in fleetdm.
I've not been able to find a Debian situation that would be similar in our environment yet so I cannot confirm if the same situation would occur with Debian, but I am not closing that door.
Has anyone else been in this situation and managed to add more data sources to the vulnerability feed for fleet to cover Ubuntu/Debian security updates - and if so, how? :)
03/17/2022, 12:49 PM
Hi @Hans! We appreciate the feedback.
We are currently working on improving Fleet's Vulnerability Processing for Ubuntu and CentOS hosts, see #4218, #4518, #4405. We are considering using more specialized sources for vulnerabilities for Ubuntu and CentOS, particularly we are looking into using OVAL (https://oval.mitre.org/).