policy/frameworks/software/vulnerable.zeek

Software

Provides a variable to define vulnerable versions of software and if a version of that software is as old or older than the defined version a notice will be generated.

Namespace

Software

Imports

base/frameworks/control, base/frameworks/notice, base/frameworks/software

Summary

Runtime Options

Software::vulnerable_versions_update_endpoint: string &redef

The DNS zone where runtime vulnerable software updates will be loaded from.

Software::vulnerable_versions_update_interval: interval &redef

The interval at which vulnerable versions should grab updates over DNS.

Redefinable Options

Software::vulnerable_versions: table &redef

This is a table of software versions indexed by the name of the software and a set of version ranges that are declared to be vulnerable for that software.

Types

Software::VulnerableVersionRange: record

Redefinitions

Notice::Type: enum

Detailed Interface

Runtime Options

Software::vulnerable_versions_update_endpoint
Type

string

Attributes

&redef

Default

""

The DNS zone where runtime vulnerable software updates will be loaded from.

Software::vulnerable_versions_update_interval
Type

interval

Attributes

&redef

Default

1.0 hr

The interval at which vulnerable versions should grab updates over DNS.

Redefinable Options

Software::vulnerable_versions
Type

table [string] of set [Software::VulnerableVersionRange]

Attributes

&redef

Default

{}

This is a table of software versions indexed by the name of the software and a set of version ranges that are declared to be vulnerable for that software.

Types

Software::VulnerableVersionRange
Type

record

min: Software::Version &optional

The minimal version of a vulnerable version range. This field can be undefined if all previous versions of a piece of software are vulnerable.

max: Software::Version

The maximum vulnerable version. This field is deliberately not optional because a maximum vulnerable version must always be defined. This assumption may become incorrect if all future versions of some software are to be considered vulnerable. :)