Improving Version Matching - PAS Integrity Software Suite - 7.3 - Help - Intergraph

Integrity Help

Language
English
Product
PAS Integrity Software Suite
Subproduct
Cyber
Search by Category
Help
PAS Version
7.3

Version numbers can vary, such as 6 and 6.0.0. Cyber Integrity provides default rules to handle many common version variations. The Vulnerability Matching window allows you to add to these rules to define that multiple values indicate the same version. By defining multiple values indicate the same version, the vulnerability matching can be completed more accurately. Version rules are stored per vendor.

  • When you finish refining the matching rules, be sure to Save your changes. If you close the window or navigate to a different page without saving your changes, the changes are discarded.

  • To modify the matching rules, you must have the ConfigMgr or Administrator role.

To refine version number matching rules:

  1. Open the Cyber Integrity web interface.

  2. Click Vulnerabilities > Matching in the left navigation bar.

  3. In the View by field, select how you want to view matches:

    • CPE - lists the structured naming scheme values from the NVD in the left column of each section and allows you to select values from the Integrity inventory that should match the NVD value.

    • CPE - Limited to ICS-CERT - lists the structured naming scheme values from the NVD in the left column of each section and allows you to select values from the Integrity inventory that should match the NVD value. The NVD data is limited to entries linked to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

    • Inventory - lists Integrity inventory values in the left column of each section and allows you to select values from the CPE entries in the NVD that should match the inventory value.

    • Inventory - Limited to ICS-CERT - lists Integrity inventory values in the left column of each section and allows you to select values from the CPE entries in the NVD that should match the inventory value. The NVD data is limited to entries linked to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). This option is the default view.

  4. Click Vendors to expand the Vendors section of the window.

  5. Select the vendor name in the left Vendors column for the product version for which you want to adjust the matching rules.

  6. Click Products to expand the Products section of the window.

  7. Select the product name in the left Products column for the product version for which you want to adjust the matching rules.

  8. Click Versions to expand the Versions section of the window.

    If you chose View by: Inventory, the left column lists the product versions from the Integrity inventory. If you chose View by: CPE, the left column lists the product versions from the NVD.

  9. Select the version in the left Versions column for which you want to adjust the matching rules.

    The Confirmed Matches column lists the versions that are considered matches based on the existing rules. The Potential Matches column lists the versions that are possible matches, but are not considered matches based on the existing rules.

  10. If you need to adjust the version matching, use the Version Matching Rules field, and the buttons to the right of this field, to change the existing rules.

  11. Click Save.