Security Controls

Importing CVEs

The Common Vulnerabilities and Exposures (CVE) List is a public reference of known cybersecurity vulnerabilities. This list, maintained by the MITRE Corporation, continually changes as new vulnerabilities are detected. If your organization uses the CVE list, it can be difficult to determine exactly which patches you need to deploy to protect your machines from the threats identified in the list.

Fortunately, Security Controls simplifies this process. You simply import a list of CVEs to Security Controls and then add them to a patch group. Security Controls will automatically determine which patches are related to each CVE and it will add those patches to the patch group. You then use the patch group in your scans and deployments.

You can initiate the import process three different ways:

Select Import > CVEs

On the home page, click the Import CVEs into a patch group link

While creating or editing a Windows patch group

You then follow the five easy steps on the Import CVEs dialog to complete the process.

Select a file with CVEs

Use the Browse button to locate the file that contains the list of CVEs. The file can be in any valid text file format such as .csv, .txt, .xml, etc.

Find CVEs in the file

To extract all CVEs found in the specified file, click Start extracting CVEs. If the file is large, the extraction process may take a few minutes to complete.

Confirm matches

This pane contains all valid CVEs that were detected during the extraction process and that are mapped to at least one patch. By default, all of the CVEs imported into this pane will be selected. If you want to exclude one or more CVEs prior to adding them to a patch group, clear their respective check boxes.

Invalid or unmapped CVEs

This pane contains all invalid or unmapped CVEs that were detected during the extraction process. A CVE may be invalid due to an incorrect name. A CVE is considered unmapped if there are no known patches related to the CVE. If you want to export this list to a text file to use as a reference for further investigation, click View in Notepad.

 

Select the operating system type

Select the type of operating system to which the CVEs apply—either Windows or Linux.

Select an existing patch group or type a name for a new group

Use this box to specify a patch group that will be used to contain the selected CVEs. You can choose an existing patch group or type the name of a new patch group.

Create or update patch group

When you click this button, all patches related to the selected CVEs will be added to the specified patch group.

To view the new or updated patch group:

Windows: In the navigation pane, select Windows Patch Templates and Groups and then double-click the group in the Windows Patch Groups list.

Linux: In the navigation pane, select Linux Patch Configurations and Groups and then double-click the group in the Linux Patch Groups list.

Related Topics

Creating and Editing a Patch Group

Viewing Patch Summaries

 


Was this article useful?