cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Vulnerability data from cvedetails?

ether_net
Engaged Sweeper
Hi,

Given there's a public resource of vulnerable software at https://www.cvedetails.com/ - is there any way to pull that data into Lansweeper, given it obviously has the software/version data?

I read https://www.lansweeper.com/resources/vulnerability-updates/ which states "Lansweeper holds more than 400 built-in network reports in the report library, but ad-hoc vulnerabilities mostly require a custom vulnerability report " - which to me seems a bit wrong - cvedetails has TONS of info about published vulnerabilities - why not pull from there??
4 REPLIES 4

IainCaldwell
Lansweeper Employee
Lansweeper Employee
Hi
Not sure if you've noticed by our asset to NIST vulnerabilities mapping has gone into preview and is now available via the cloud platform.

IainCaldwell
Lansweeper Employee
Lansweeper Employee
I can't really give specific advice as I don't know the circumstances but in my previous jobs it was always my opinion that I should avoid using my limited time and resources on something if it was on a partners roadmap. Better to focus my time and effort on the other priorities.
Waiting can be a pain, but building yourself is always more effort than expected and the maintenance etc is always unexpectedly more hassle than planned.

That said it really depends how urgent you need it.

Maybe worth reaching out to your Lansweeper account contact to get an update (there may be a chance we will be looking for customers to work with)

ether_net
Engaged Sweeper
Thanks for the reply, Iain. It'd be a massively useful addition.

Presubmly I could just add some tables to the database myself, and do a join?

It's the faff of adding automation myself to pull data down into the LS database that I don't want to have to maintain.

IainCaldwell
Lansweeper Employee
Lansweeper Employee
Hi, we are looking at building a level of vulnerabilities into the product using nist as the data source (which I believe is where the referenced site above gets its data from). We haven't got a planned release but are actively working something in the lab - hopefully we will announce more soon.
Thanks for the feedback.

Cheers Iain