Wazuh 4.7.4 NVD


Clement Wu

May 24, 2024, 5:49:39 AM
to Wazuh | Mailing List
Hi,

I'm currently facing an issue where I get the error
the national vulnerability database feed couldn't be parsed from ''tmp/vuln-temp-fitted' file

I was running Wazuh 4.4.3, where I then ran the command
yum update && yum install postfix mailx cyrus-sasl cyrus-sasl-plain

This updated my Wazuh to 4.7.4.
Everything is well except my vulnerability detector, where my previous config
<provider name="nvd">
    <enabled>yes</enabled>
    <url>https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.json.gz</url>
    <url>https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-recent.json.gz</url>
    <update_from_year>2010 </update_from_year>
    <update_interval>1h</update_interval>
</provider>

is no longer working, as I keep facing the error
" the national vulnerability database feed couldn't be parsed from ''tmp/vuln-temp-fitted' file"

May I ask for advice on how to resolve this? Thanks!

Best regards,
Clement

Antonio David Gutiérrez

May 27, 2024, 3:06:05 AM
to Wazuh | Mailing List
Hi, 

It seems the error is related to the vulnerability detector module of the Wazuh server being unable to parse some of the files specified through the url option of the NVD provider. Reviewing the release notes from the Wazuh version you had to the updated one, I found a reference in Wazuh 4.5.0 that changed where the Wazuh server gets the default NVD, and it seems the format of the compatible feed changed to API 2.0 too: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html#manager. I guess the NVD vulnerability feeds you were using on Wazuh 4.4.3 are not compatible with Wazuh 4.7.4.

To solve this, if you want to use the default NVD feed provided by Wazuh, you could remove the declaration of the url options for the NVD provider of the vulnerability feeds. If you want to use a non-default feed, then you should ensure it is compatible with the version of the Wazuh server you are using.
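A check for the situation discussed in this thread, as an added example that is not part of either post and is not Wazuh project code: it lists every url option set under an NVD provider in an ossec.conf-style file and marks the ones that point at the 1.1 JSON feed path from the posted configuration. The sample configuration is constructed from the posted block; the function name `nvd_url_overrides` and the wrapping in a synthetic root element (to cope with files that contain several `ossec_config` blocks) are assumptions.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the provider block from the first post, placed in an
# ossec.conf-style vulnerability-detector section.
SAMPLE_CONF = """\
<ossec_config>
  <vulnerability-detector>
    <enabled>yes</enabled>
    <provider name="nvd">
      <enabled>yes</enabled>
      <url>https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.json.gz</url>
      <url>https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-recent.json.gz</url>
      <update_from_year>2010 </update_from_year>
      <update_interval>1h</update_interval>
    </provider>
  </vulnerability-detector>
</ossec_config>
"""

FEED_1_1_PATH = "/feeds/json/cve/1.1/"  # feed path used in the posted config


def nvd_url_overrides(conf_text):
    """Return (url, is_1_1_feed) for each <url> set under an NVD provider."""
    # Assumption: the file may hold several <ossec_config> blocks, so drop any
    # XML declaration and wrap everything in one synthetic root before parsing.
    body = re.sub(r"<\?xml[^>]*\?>", "", conf_text)
    root = ET.fromstring("<wrapper>" + body + "</wrapper>")
    found = []
    for provider in root.iter("provider"):
        if (provider.get("name") or "").strip().lower() != "nvd":
            continue
        for url in provider.findall("url"):
            value = (url.text or "").strip()
            found.append((value, FEED_1_1_PATH in value))
    return found


if __name__ == "__main__":
    # Pass a configuration file path, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    overrides = nvd_url_overrides(text)
    for value, is_1_1 in overrides:
        print(("1.1 feed  " if is_1_1 else "custom    ") + value)
    sys.exit(1 if overrides else 0)
```

An empty result means the NVD provider has no url options set, which is the state the reply recommends for using the default feed.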