Applicable to Entuity v22.0 GA upwards
To assign CPEs to devices
To delete CPE Names
To export CPE Names
Introduction:
From the CPE Management tab under the Vulnerability Monitoring page, you can view and configure existing CPE Names, and add, modify or delete CPE Names across the devices with which they are associated. You can add any CPE Name to any device.
This tab has two tables, CPEs table and Devices table. The CPEs table lists the CPE Name entries on the Entuity server. The CPEs table is populated by the CPEs that are assigned to managed devices in your network. This data is drawn from the CPE Dictionary database in the Entuity backend and requires the Online Sync be enabled for the latest changes.
You can manually add CPEs to this table (which is useful if you cannot find it via CPE Search in the CPE Dictionary, or if you already know which CPE Names you wish to add), and remove them from it if you wish. CPEs in the table are not necessarily required to be assigned to any devices, e.g. you can disassociate a CPE from a device, and the CPE will not be removed from this table, but will be marked as 'Unassigned' in the table and their Device Count shown as 0.
Selecting a CPE from the CPEs table will populate the Devices table below with all the devices to which the selected CPE is associated.
This tab is applicable only to servers, not configuration sets.
CPE structure:
A CPE is an identifier used to match a vulnerability against hardware, an OS, or an application.
Entuity uses the CPE v2.3 Naming Specification for CPE names. The structure of CPE Names is as follows:
cpe:2.3:<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>:<sw_edition>:<target_sw>:<target_hw>:<other>
where:
Attribute | Description |
---|---|
part |
|
vendor | product vendor/manufacturer. |
product | product title or name. |
version | vendor-specific alphanumeric string of the product release version. |
update | vendor-specific alphanumeric string of the product update, service pack, or point release. |
edition | (deprecated field - only required for backwards compatibility with CPE v2.2) edition-related terms applied by the vendor to the product. |
sw_edition | product market or end user class. |
target_sw | software computing environment on which the product operates. |
target_hw | instruction set architecture (e.g. x86) on which product operates. |
language | language supported in the product UI. Must be valid language tags as defined by RFC 5646. |
other | other vendor- or product-specific descriptive or identifying information that does not logically fit any other attribute above. |
CPEs table:
This table displays the following information:
Column Name | Description |
---|---|
CPE Name | full CPE name. |
Title | CPE's title/description, polled from NIST. |
Official ID | CPE's official ID, if applicable, polled from NIST. This column is hidden by default. |
Part |
|
Vendor | product vendor/manufacturer. This column is hidden by default. |
Product | product title or name. This column is hidden by default. |
Version | vendor-specific alphanumeric string of the product release version. This column is hidden by default. |
Update | vendor-specific alphanumeric string of the product update, service pack, or point release. This column is hidden by default. |
Edition | (deprecated field - only required for backwards compatibility with CPE v2.2) - edition-related terms applied by the vendor to the product. This column is hidden by default. |
Language | language supported in the product UI. Must be valid language tags as defined by RFC 5646. This column is hidden by default. |
SW Edition | product market or end user class. This column is hidden by default. |
Target SW | software computing environment on which the product operates. This column is hidden by default. |
Target HW | instruction set architecture (e.g. x86) on which product operates. This column is hidden by default. |
Other | other vendor- or product-specific descriptive or identifying information that does not logically fit any other attribute above. This column is hidden by default. |
NVD Last Modified | CPE's last modified date, polled from NIST. |
Deprecated Status | If the CPE is deprecated, either true or false. This column is hidden by default. |
Deprecated By | the CPE to which this selected CPE has been updated, or the CPE by which this selected CPE has been deprecated. |
Device Count | number of devices to which this CPE is assigned. |
Status |
status of individual CPE, either no status, Deprecated, Unrecognized, or Unassigned.
|
To add CPE Names:
You can add CPE Names to the CPEs table, from which you can then assign them to devices.
- Navigate to the CPE Management tab of the Vulnerability Monitoring page.
- Click Add CPEs at the top of the CPEs table (or via the Overflow Menu or right-click Context Menu).
- The Add CPEs form will open on the right of the window.
From this form, you can individually or bulk add CPE Names to the CPEs list that exists on the current server. You can remove a CPE or CPEs from this list via Remove CPEs.
Add CPE:
Click to add a single new CPE. You can add a new CPE via Text Input or Attribute (from the Input Method field:
- Text Input: manually specify the CPE Name. You can paste in a CPE Name from the clipboard.
- Attribute: The CPE Name will be created from the input fields below, each corresponding to a specific attribute for the CPE Name. Empty fields will default to ANY, which will then be formatted as a * wildcard in the CPE Name.
The fields can be completed in any order, although it is recommended that you complete the Part, Vendor and Product fields first to narrow down the suggestions provided for the subsequent fields.
- When you click Done to add your new CPE, Entuity will validate the CPE against the local CPE Dictionary with the following potential warnings:
- '[CPE] was not found in the local CPE Dictionary. Do you still wish to add this CPE?' - Yes adds CPE, No resumes form.
- '[CPE] is potentially too vague. [X] matching CPE(s) found! This may significantly increase scan times. Do you still wish to add this CPE?' - Yes adds CPE, No resumes form.
- '[CPE] has been deprecated by [Updated CPE]. Do you wish to add the updated CPE instead?' - Yes adds updated CPE, No adds original outdated CPE.
Any CPE Name added here will then populate the list on the original Add CPEs form, like so:
Bulk Add:
Click to add multiple CPEs.
Enter a list of CPE Names, separated by either commas or new lines. You can directly paste in the CPE names that have been added to your clipboard via the Copy CPE Name(s) to Clipboard or Export options from the CPE tables of both the Device Management tab or the CPE Management tab (see this section for Device Management or the below section for CPE Management).
CPE Names added here will then populate the list on the original Add CPEs form, like so.:
To replace a CPE Name:
You can select a single CPE Name in the CPE table and replace it with another. The previous CPE Name is deleted from the server, and replaced with the new CPE Name. The new CPE Name is a new object. Any existing device associations are retained.
Note, you cannot replace multiple CPE Names at the same time. But if the CPE Name you wish to replace is assigned to multiple devices, that CPE Name will be replaced on those multiple devices.
- Navigate to the CPE Management tab of the Vulnerability Monitoring page.
- From the CPEs table, select the CPE Name you wish to replace, and click Replace CPE above the table (or via the Overflow Menu or right-click Context Menu).
- The Replace CPE form will open on the right of the window. This is the same form as the Add CPE form (see above).
- Once you have specified your new CPE Name, click Done in the top right to add the new CPE Name, otherwise click Cancel.
- Once added, the new CPE Name will appear in the CPE table in place of the existing CPE Name.
To assign CPEs to devices:
- Navigate to the CPE Management tab under the Vulnerability Monitoring page.
- From the CPEs table, select a CPE and click Assign to Devices at the top of the table (or via the Overflow Menu or right-click Context Menu).
- The Devices form will open on the right of the window, listing the devices under management by Entuity. Select the device(s) to which you wish to assign the CPE and click Done in the top right, otherwise click Cancel.
To delete CPE Names:
- Navigate to the CPE Management tab under the Vulnerability Monitoring page.
- From the CPEs table, select the CPE Name(s) you wish to delete, and click Delete CPEs at the top of the table (or via the Overflow Menu or right-click Context Menu).
- A deletion confirmation dialog will open. Click Yes to delete.
To export CPE Names:
From the CPE table, you can select one or more CPEs to export. There are two ways by which this is possible:
Copying to clipboard:
- From the CPEs table, select the CPE Names you wish to copy/export.
- Right-click to open the Context Menu. Click Copy CPE Name(s) to Clipboard.
This will copy the selected CPE Name(s) to your clipboard as a comma-separated list, which means you can paste them in this format where needed, e.g. when adding CPE Names in bulk (see above).
Table export:
- From the CPEs table, select the CPE Names you wish to copy/export (no selection needed if you are exporting the entire table)
- From the Overflow Menu, click Export.
- The Export Table Content form will open on the right. Specify your export parameters and click Done in the top right.
- From the resultant .csv file, you can copy the CPE Name column and paste it where needed, e.g. when adding CPE Names in bulk (see above).
Devices table:
The Devices table is populated with the list of devices to which the CPEs selected in the CPEs table above are assigned.
This table displays the following information:
Column Name | Description |
---|---|
Asset Name | device name, as taken from Asset Management. |
IP Address | device's IP address, as taken from Asset Management. This column is hidden by default. This column is hidden by default. |
Type | device type, as taken from Asset Management. This column is hidden by default. This column is hidden by default. |
Vendor | device's manufacturer, as taken from Asset Management. This column is hidden by default. |
Model | device's model, as taken from Asset Management. This column is hidden by default. |
Version | device's version, as taken from Asset Management. This column is hidden by default. |
Description | device's description, as taken from Asset Management. This column is hidden by default. |
Polled Name | device's polled name, as taken from Asset Management. This column is hidden by default. |
CPEs | CPEs assigned to the selected device(s). If more than one CPE is assigned, the CPEs are separated by commas. This column is hidden by default. |
To remove a device from the list of devices to which a CPE is assigned:
- Navigate to the CPE Management tab under the Vulnerability Monitoring page.
- From the CPEs table, select a CPE.
- From the Devices table, select the device(s) to which you no longer wish the specified CPE be assigned.
- Click Remove Devices at the top of the table (or via the Overflow Menu or right-click Context Menu).
- A removal confirmation dialog will appear to prevent accidental removal.
Comments
0 comments
Please sign in to leave a comment.