We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Currently, if no CNA can be determined for a given package, we default to the NVD.
As explained here:
This brings problems with packages whose information is not expressed in the feed Global map
If no CNA can be determined in the selector:
wazuh/src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/packageScanner.hpp
Lines 182 to 194 in 7f31104
The NVD is used:
Lines 195 to 198 in 7f31104
If no CNA can be determined in the selector, use the feed associated with the agent OS instead of the NVD:
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Description
Currently, if no CNA can be determined for a given package, we default to the NVD.
As explained here:
This brings problems with packages whose information is not expressed in the feed Global map
Current behaviour
If no CNA can be determined in the selector:
wazuh/src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/packageScanner.hpp
Lines 182 to 194 in 7f31104
The NVD is used:
wazuh/src/wazuh_modules/vulnerability_scanner/src/scanOrchestrator/packageScanner.hpp
Lines 195 to 198 in 7f31104
Proposed solution
If no CNA can be determined in the selector, use the feed associated with the agent OS instead of the NVD:
DoD
The text was updated successfully, but these errors were encountered: