policy/frameworks/software/vulnerable.zeek

Software

Provides a variable to define vulnerable versions of software and if a version of that software is as old or older than the defined version a notice will be generated.

Namespace:

Software

Imports:

base/frameworks/control, base/frameworks/notice, base/frameworks/software

Summary

Runtime Options

Software::vulnerable_versions_update_endpoint: string &redef

The DNS zone where runtime vulnerable software updates will be loaded from.

Software::vulnerable_versions_update_interval: interval &redef

The interval at which vulnerable versions should grab updates over DNS.

Redefinable Options

Software::vulnerable_versions: table &redef

This is a table of software versions indexed by the name of the software and a set of version ranges that are declared to be vulnerable for that software.

Types

Software::VulnerableVersionRange: record

Redefinitions

Notice::Type: enum

Detailed Interface

Runtime Options

Software::vulnerable_versions_update_endpoint
Type:

string

Attributes:

&redef

Default:

""

The DNS zone where runtime vulnerable software updates will be loaded from.

Software::vulnerable_versions_update_interval
Type:

interval

Attributes:

&redef

Default:

1.0 hr

The interval at which vulnerable versions should grab updates over DNS.

Redefinable Options

Software::vulnerable_versions
Type:

table [string] of set [Software::VulnerableVersionRange]

Attributes:

&redef

Default:

{}

This is a table of software versions indexed by the name of the software and a set of version ranges that are declared to be vulnerable for that software.

Types

Software::VulnerableVersionRange
Type:

record

min: Software::Version &optional

The minimal version of a vulnerable version range. This field can be undefined if all previous versions of a piece of software are vulnerable.

max: Software::Version

The maximum vulnerable version. This field is deliberately not optional because a maximum vulnerable version must always be defined. This assumption may become incorrect if all future versions of some software are to be considered vulnerable. :)