- This topic has 1 reply, 2 voices, and was last updated 8 years, 1 month ago by .
- You must be logged in to reply to this topic.
Does anyone have any recommendations on how to go about getting relevant vulnerability alerts for software in a particular environment? I get weekly US-CERT vulnerability bulletins and monitor plenty of other vulnerability feeds, but am looking for something where I can specify the products that I need to watch and only receive alerts for those. Not looking for a vulnerability scanner(we have plenty of those) or a full vulnerability management suite, per se, just a way to filter out newly published vulnerabilities that affect software in use on our network.
I’m aware of some commercial service (VUPEN, etc), but am looking for a way to do it for free or low cost. Ideally we would be able to configure and manage it in-house, since we’re not keen on providing all of our software names/versions to outside entities.
The only thing I’ve come up with so far is using RSS feeds from cvedetails.com, which lets you create RSS feeds for specific software/versions, and either import those into an excel sheet or some sort of server-side RSS aggregator that is viewable by me both me and my colleagues.
Anyone have any novel ways that they do it, or can think of something I have overlooked?
– EH-Net Live! Thurs Oct 29 @ 1:00 PM US ET. Details Coming Soon!
– EH-Net Live! Sept – Video & Deck Available Now! for “Android Hacking Proving Ground!” w/ Kyle Benac from Sept 24.
– EH-Net Live! Aug – Video & Deck Available Now! for “TryHackMe – Behind the Curtain” w/ Ben Spring and Ashu Savani from Aug 27.
– EH-Net Live! June – Video & Deck Available Now! for “CISO Underrepresented” w/ Mark Arnold and Steph Ihezukwu from June 30.
– EH-Net Live! May – Video & Deck Available Now! for “Bad As You Want To Be – Adversary Emulation Basics” w/ Jake Williams from May 28.
See all EH-Net Live! Videos
More on the EH-Net YouTube Channel
There are no upcoming events at this time.
Copyright ©2021 Caendra, Inc.