Improving Product Matching - PAS ICS Integrity - 7.3 - Help - Intergraph

ICS Integrity User Guide

Language
English
Product
PAS ICS Integrity
Subproduct
ICS
Search by Category
Help
PAS Version
7.3

Product names can vary slightly, especially when products are renamed from one version to the next. The Vulnerability Matching window allows you to indicate that multiple values indicate the same product. By associating multiple versions of product names that indicate the same product, the vulnerability matching can be completed more accurately. Product rules are stored per vendor.

  • When you finish refining the matching rules, be sure to Save your changes. If you close the window or navigate to a different page without saving your changes, the changes are discarded.

  • To modify the matching rules, you must have the ConfigMgr or Administrator role.

To refine product name matching rules:

  1. Open the ICS Integrity web interface.

  2. Click Vulnerabilities > Matching in the left navigation bar.

  3. In the View by field, select how you want to view matches:

    • CPE - lists the structured naming scheme values from the NVD in the left column of each section and allows you to select values from the Integrity inventory that should match the NVD value.

    • CPE - Limited to ICS-CERT - lists the structured naming scheme values from the NVD in the left column of each section and allows you to select values from the Integrity inventory that should match the NVD value. The NVD data is limited to entries linked to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

    • Inventory - lists Integrity inventory values in the left column of each section and allows you to select values from the CPE entries in the NVD that should match the inventory value.

    • Inventory - Limited to ICS-CERT - lists Integrity inventory values in the left column of each section and allows you to select values from the CPE entries in the NVD that should match the inventory value. The NVD data is limited to entries linked to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). This option is the default view.

  4. Click Vendors to expand the Vendors section of the window.

  5. Select the vendor name in the left Vendors column for the product for which you want to adjust the matching rules.

  6. Click Products to expand the Products section of the window.

    If you chose View by: Inventory, the left column lists the product names from the Integrity inventory. If you chose View by: CPE, the left column lists the product names from the NVD.

  7. Select the product name in the left Products column for which you want to adjust the matching rules.

    The Confirmed Matches column lists the product names that are considered matches based on the existing rules. The Potential Matches column lists the product names that are possible matches, but are not considered matches based on the existing rules.

    If you want to review more information about an NVD entry, select that entry, and then click CVE Look Up. ICS Integrity displays the NVD information about this known vulnerability and links to more information.

  8. If you want to remove a confirmed match, select the product name in the Confirmed Matches column, and then click the right arrow (>) button.

  9. If you want to add a confirmed match, select the product name in the Potential Matches column, and then click the left arrow (<) button.

  10. If you want to add a confirmed match that is not listed in the Potential Matches column, complete the following steps:

    1. Click the Manually add a match button above the left arrow (<) button.

    2. Click the product you want to add as a confirmed match, and then click Add.

    3. Click Close. The product you selected is now listed in the Confirmed Matches column.

  11. If you need to further adjust the product name matching, use the Product Name Matching Rules field, and the buttons to the right of this field, to change the existing rules.

  12. Click Save.