Vulnerability Alerting options

Viewing 1 reply thread
  • Author
    Posts
    • #8574
      eyenit0
      Participant

      Hi all,

      Does anyone have any recommendations on how to go about getting relevant vulnerability alerts for software in a particular environment? I get weekly US-CERT vulnerability bulletins and monitor plenty of other vulnerability feeds, but am looking for something where I can specify the products that I need to watch and only receive alerts for those. Not looking for a vulnerability scanner(we have plenty of those) or a full vulnerability management suite, per se, just a way to filter out newly published vulnerabilities that affect software in use on our network.

      I’m aware of some commercial service (VUPEN, etc), but am looking for a way to do it for free or low cost. Ideally we would be able to configure and manage it in-house, since we’re not keen on providing all of our software names/versions to outside entities.

      The only thing I’ve come up with so far is using RSS feeds from cvedetails.com, which lets you create RSS feeds for specific software/versions, and either import those into an excel sheet or some sort of server-side RSS aggregator that is viewable by me both me and my colleagues.

      Anyone have any novel ways that they do it, or can think of something I have overlooked?
      Thanks!

    • #53469
      termight
      Participant

      @eyenit0, why don’t you write a script in python,ruby or bash to track urls of these known sites or parse variable to filer interesting data like software version, release dates etc that match the version or software you have. ;D

Viewing 1 reply thread
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?