-
Notifications
You must be signed in to change notification settings - Fork 192
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Correct F5 fingerprints #171
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On the InsightVM/Nexpose side of things we have a large number of checks that rely on the OS vendor value being F5
and family being BIG-IP
. So removing " Labs" makes things more consistent from that point of view 👍
The changes from os
to service
shouldn't affect vulnerability results at all. Even though our checks use OS-level fingerprints, they won't fire from recog matches (they rely on an additional system config value to be asserted, which corresponds to what these files call product (e.g. LTM
).
@@ -287,8 +287,9 @@ | |||
<fingerprint pattern="^.*(?:Basic|Digest) .*realm="BIG-IP".*$"> | |||
<description>Generic F5 Big-IP</description> | |||
<example>Basic realm="BIG-IP"</example> | |||
<param pos="0" name="os.vendor" value="F5"/> | |||
<param pos="0" name="os.product" value="BIG-IP"/> | |||
<param pos="0" name="servicevendor" value="F5"/> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missing .
separator
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add the missing .
and 🚢
Good catch. I'll see about adding a test to catch possibly bad fingerprints like that. |
This was landed, but for some reason it is not showing up here. |
In other fingerprints the vendor is F5, which is more correct. This makes the vendor name consistent.
This also uses the BIG-IP family and BIG-IP LTM product consistently, and corrects a handful of
os
fingerprints that should beservice
.