12.1 Creating and Configuring the CVE Subscription

To enable ZENworks to import CVE data from the National Vulnerability Database (NVD), you need to first create and run the CVE subscription.

12.1.1 Creating the CVE Subscription

To create the CVE Subscription:

  1. Log into ZENworks Control Center and click Subscribe and Share.

  2. In the Subscriptions list, click New > Subscription.

  3. In the Select Subscription Type page, select the CVE Subscription and then click Next.

  4. In the Define Details page, specify the following details:

    • Subscription Name: A unique name for the subscription.

    • Folder: Type the name of the folder or browse to the folder in which this subscription will be created. By default, the subscription will be created in the /Subscriptions folder.

    • Description: A short description for the subscription. This description is displayed in the subscription’s Summary page.

  5. Click Next.

  6. In the Select CVE Subscription Server page, browse to select the Primary Server on which the CVE Subscription service will run. CVE data from the NVD repository will be downloaded onto this server.

  7. Select the frequency at which the CVE data should be downloaded from the NVD repository. By default the CVE data is downloaded Daily at 23:00 hours (11 p.m).

    The CVE subscription should be run before the Patch subscription for the Patch subscription to perform the CVE-Patch mapping. If the CVE subscription is run after the Patch subscription, the mapping will not happen until the next Patch subscription, which could be the next day.

  8. Click Next to display the Summary page.

  9. Review the information and if changes are required, you can make them by using the Back button.

  10. (Conditional) Select the Define Additional Properties check box to display the subscription’s Summary page after the wizard completes.

    You can use the various tabs on the Summary page to edit the subscription information.

  11. (Conditional) Select the Run Subscription Now check box to run the subscription service as soon as the subscription is created. You can also run the subscription at a later time by navigating to the Subscribe and Share page and clicking the CVE subscription.

  12. Click Finish to create the subscription.

12.1.2 Configuring the CVE Subscription

While creating the CVE subscription, if you did not select the option to start the subscription service as soon as the CVE subscription is completed, you can start the subscription and also make changes to it by selecting the CVE subscription object.

  1. In ZCC, click Subscribe and Share in the left pane.

  2. In the Subscriptions page, click the CVE Subscription object. The CVE Subscription details are displayed:

    The General panel displays the following information:

    • Name: Displays the name of the subscription.

    • Type: Displays the type of subscription.

    • Created By: Displays the name of the user who created the subscription.

    • GUID: Displays the subscription’s GUID (global unique identifier), a randomly generated string that provides a unique identifier for the subscription.

    • Description: Displays a description of the subscription if it was provided when the subscription was created. The description appears only in ZENworks Control Center. Click Edit to change the description.

    • Enabled: Displays whether the subscription is enabled or not.

    • Subscription Logs: Displays messages associated with the last run of the subscription. Click the View Log link to view the subscription logs.

    The Subscription panel provides a summary of the CVE subscription. You can view the following details:

    • CVE NVD Feeds URL: The URL of the NVD repository from where the CVE feeds are imported. You can click the Edit link to change the URL.

      IMPORTANT:DO NOT change the URL, unless directed by Micro Focus Customer Care.

    • CVE Subscription Server: The server that syncs with the NVD repository, downloads CVE data and stores it in the ZENworks database.

    • Last Replication: The day and time at which the Subscription server last synced with the NVD repository. You can select the relevant options to:

      • Run Now: Syncs immediately without waiting for the schedule. When the sync is done for the first time, a full run is performed to download all the CVE data. However, if the last run was performed less than 8 days ago, only the changes since the last run will be downloaded.

      • Import Manually: Download the data from the NVD repository in the JSON file format and then upload the JSON zip file to the server. It is not necessary for you to perform this step, unless there is an issue with the subscription service. To manually upload the file, you need to navigate to https://nvd.nist.gov/vuln/data-feeds and select the zip file against the year for which you want to download the data. You can also select the zip file against the CVE-Modified feed name to download just the modified CVE data.

    • Full Run: If no CVE data is downloaded or if the last run was performed more than 8 days ago, then use this feature to download all the data from the NVD repository.

    • Status: Indicates the status of the last sync with the NVD repository.

    • Schedule Interval: The interval at which the sync is performed with the NVD server. You can either perform the sync at a particular time, every day (daily) or you can perform the sync at an hourly interval.