Windows vulnerability Detector only detects OS CVEs?


sang thanh

Oct 19, 2023, 6:32:55 AM
to Wazuh | Mailing List
Hello all,

My current Wazuh Server and Agent are running on version 4.3.8 and everything works very well. Thanks for your efforts.

Now I just have a question: currently, on all my Windows agents (Windows 10/11/Servers), the Vulnerability Detector only detects CVEs related to the Windows OS version, without any CVEs for installed packages.

The Packages information in Agent Inventory Data is working very well.

So I just wonder: is that a limitation of the Wazuh function, or is there something wrong with my detector?

P.S.: the Vulnerability Detector is working pretty well on Linux OS.

Thanks for your help.

Marcel Kemp

Oct 19, 2023, 7:02:30 AM
to Wazuh | Mailing List
Hi Sang,

The current problem with Vulnerability Detector for Windows is that it is limited to the existing translations in the CPE Helper, because the packages installed on Windows are not standardized like on Linux, and this means that we cannot easily obtain their CPE based on vendor and package name information.

Therefore, it currently detects vulnerabilities in packages listed in the following dictionary:

If you would like, you can modify the CPE Helper manually to add new package translations to detect vulnerabilities in those new entries. Below is a step-by-step guide to adding new translations:
> Note that when you upgrade the manager, the CPE Helper will be overwritten, so I recommend that you keep a copy of the cpe_helper.json that you modify, so that you can replace it when you upgrade the manager.


The good news is that we are already working on a Vulnerability Detector refactor, where we will normalize these translations so that they don't need to be added manually, and these package vulnerabilities will be detected correctly:

Hope this is helpful, and sorry for the inconvenience!

sang thanh

Oct 19, 2023, 7:30:23 PM
to Wazuh | Mailing List
Yes, thanks a lot for your kind response.

Have a great day.

On Thursday, October 19, 2023 at 18:02:30 UTC+7, Marcel Kemp wrote: