Consultation on dependencies in vulnerability detection msu-updates.json


QC L

Oct 13, 2024, 11:28:56 PM
to Wazuh | Mailing List
The configuration file mentions that KB2607712 depends on KB5034127 (as shown in the figure), but KB5034127 is a patch for Windows Server 2019, and no corresponding information about KB2607712 is found at https://support.microsoft.com/en-us/topic/january-9-2024-kb5034127-os-build-17763-5329-4de58ce5-eb0d-4b9a-95d1-aa15fe30b082 and https://www.catalog.update.microsoft.com/Search.aspx?q=KB5034127; and KB2607712 is a patch for Windows Server 2003, I didn't see any information about KB5034127 in https://catalog.update.microsoft.com/Search.aspx?q=KB2607712.
Can anyone tell me how the dependencies object is generated? Thanks.

[Attached image: 2.jpg]

hasitha.u...@wazuh.com

Oct 14, 2024, 2:01:51 AM
to Wazuh | Mailing List
Hi QC,

Could you clarify which configuration file you are referring to when you mention "The configuration file"? This will help us assist you more accurately.

Also, please share the version of Wazuh you are currently using.
/var/ossec/bin/wazuh-control info

If you're referring to any specific CVEs (Common Vulnerabilities and Exposures), kindly provide the details so we can assist you accordingly.

Once we have this information, we’ll be able to guide you further.

Regards,
Hasitha Upekshitha

QC L

Oct 14, 2024, 2:14:21 AM
to Wazuh | Mailing List

Thanks for your reply, my question is not a good one.

The configuration file is: msu-updates.json, which I got from https://feed.wazuh.com/vulnerability-detector/windows/msu-updates.json.gz

Wazuh version is: 4.5.0

I want to understand Wazuh's logic for Windows vulnerability detection, but I am beginning to not understand the above configuration.

QC L

Oct 14, 2024, 11:53:05 PM
to Wazuh | Mailing List
Does anyone else know? Thanks

hasitha.u...@wazuh.com

Oct 15, 2024, 2:01:00 AM
to Wazuh | Mailing List

Hi QC,

It looks like you're using this feed to perform an offline update for Microsoft Security Updates (MSU):
Ref: https://documentation.wazuh.com/4.5/user-manual/capabilities/vulnerability-detection/offline-update.html#msu

However, keep in mind that Wazuh's Vulnerability Detector module was updated in version 4.8.0. After this update, those older feeds are no longer maintained or updated.

Further, if you want to know how Wazuh's vulnerability detector works you can follow this.
Ref: https://documentation.wazuh.com/4.5/user-manual/capabilities/vulnerability-detection/how-it-works.html

Let me know if this helps.

Best regards,
Hasitha Upekshitha

QC L

Oct 15, 2024, 2:21:03 AM
to Wazuh | Mailing List
Got it, thanks.