Configure vulnerability assessments

Configure the loading of Threat Intelligence Contents


Product	Guardian
Syntax	`conf.user configure va contents <json_value>`
Description	This command allows Threat Intelligence Contents to be either completely disabled, or selectively loaded. The JSON object can have the following attributes: `load_contents` - this can be true/false to enable/disable the loading of contents; `loaded_content_types` - this is a JSON array of contents to be loaded. The available content types are: `cpe_items` `microsoft_hotfixes` `vulnass` As an example, the following command will disable contents loading: `conf.user configure va contents { "load_contents": false }` As a further example, the following command will allow only `cpe_items` to be loaded: `conf.user configure va contents { "loaded_content_types": [ "cpe_items" ] }`
Parameters	`json_value`: A JSON object to configure how contents are loaded
Where	CLI
To apply	In a shell console execute: `service n2osva stop`

Configure CVE matching


Product	Guardian
Syntax	`conf.user configure va cve enable [true\|false\|if_not_sync]`
Description	By default, the sensors only match CVEs if they are not connected to an upstream (i.e. a CMC or Vantage). The CVE matching will happen upstream. This behavior can be configured using this configuration line, where 'true' forces the CVE matching even if the sensor is connected upstream, 'false' disables it in any case, and 'if_not_sync' restores the default behavior.
Where	CLI
To apply	In a shell console execute: `service n2osva stop`

Enables the management of Microsoft Hotfixes


Product	Guardian
Syntax	`conf.user configure va hotfixes_enabled <flag>`
Description	Please consider that when this is set to true hotfixes are loaded and used to set CVEs status whereas when this flag is set to false, hotfixes are not loaded nor used by CVE calculation.
Parameters	`flag`: The management of Microsoft Hotfixes is enabled by default
Where	CLI
To apply	It is applied automatically

Disable the Microsoft Hotfixes resolution capabilities


Product	Guardian
Syntax	`conf.user configure va use_hotfix_resolution <flag>`
Description	Please consider that disabling the Microsoft Hotfixes resolution feature means that CVEs for Microsoft Windows machines will not be automatically closed through Smart Polling, and as a consequence those nodes might be assigned by Guardian a large number of obsolete CVEs.
Parameters	`flag`: Microsoft Hotfixes resolution is enabled by default
Where	CLI
To apply	It is applied automatically

Disable the CPE computation for a specific node


Product	Guardian
Syntax	`conf.user configure va cpe disable <node_id> [true\|false]`
Description	Please consider that, when this command is used, the vulnerabilities assessment engine is completely disabled for that specific node and no CVEs will be assigned to the node itself.
Parameters	`node_id`: Node ID of the node targeting the rule
Where	CLI
To apply	It is applied automatically

Disable End Of Life CPEs calculation


Product	Guardian
Syntax	`conf.user configure va use_eol_cpe_calculation false`
Description	By default, when CVE associated to CPES calculation is perfomed, CPE that are referring to products that reached End Of Life are not taken into account. To disable this behaviour use this configuration.
Where	CLI
To apply	In a shell console execute: `service n2osva stop`