policy/frameworks/software/vulnerable.zeek

Software

Provides a variable to define vulnerable versions of software and if a version of that software is as old or older than the defined version a notice will be generated.

Namespace:Software
Imports:base/frameworks/control, base/frameworks/notice, base/frameworks/software

Summary

Runtime Options

Software::vulnerable_versions_update_endpoint: string &redef The DNS zone where runtime vulnerable software updates will be loaded from.
Software::vulnerable_versions_update_interval: interval &redef The interval at which vulnerable versions should grab updates over DNS.

Redefinable Options

Software::vulnerable_versions: table &redef This is a table of software versions indexed by the name of the software and a set of version ranges that are declared to be vulnerable for that software.

Redefinitions

Notice::Type: enum  

Detailed Interface

Runtime Options

Software::vulnerable_versions_update_endpoint
Type:string
Attributes:&redef
Default:""

The DNS zone where runtime vulnerable software updates will be loaded from.

Software::vulnerable_versions_update_interval
Type:interval
Attributes:&redef
Default:1.0 hr

The interval at which vulnerable versions should grab updates over DNS.

Redefinable Options

Software::vulnerable_versions
Type:table [string] of set [Software::VulnerableVersionRange]
Attributes:&redef
Default:{}

This is a table of software versions indexed by the name of the software and a set of version ranges that are declared to be vulnerable for that software.

Types

Software::VulnerableVersionRange
Type:

record

min: Software::Version &optional

The minimal version of a vulnerable version range. This field can be undefined if all previous versions of a piece of software are vulnerable.

max: Software::Version

The maximum vulnerable version. This field is deliberately not optional because a maximum vulnerable version must always be defined. This assumption may become incorrect if all future versions of some software are to be considered vulnerable. :)