Hola,

In regards to fleetdm and the vulnerability database, it's been working great for us, as in it reports what it can find with no false positives so far - which is great. However, I've been doing some comparing with Greenbone Vulnerability Manager and can't help but notice that GVM covers a lot more (for partly obvious reasons) - but in regards to verifying vulnerable installed software, GVM does cover Ubuntu security updates, which fleet does not seem to do, at least not in v4.11.0.

https://ubuntu.com/security/notices/USN-5325-1 is caught by GVM and confirmed vulnerable, but the software package is not listed as vulnerable with the NVD feed and as such, not in fleetdm.

I've not been able to find a Debian situation that would be similar in our environment yet, so I cannot confirm if the same situation would occur with Debian, but I am not closing that door.

Has anyone else been in this situation and managed to add more data sources to the vulnerability feed for fleet to cover Ubuntu/Debian security updates - and if so, how? 😃
Lucas Rodriguez
4 months ago
Hi @Hans! We appreciate the feedback.

We are currently working on improving Fleet's Vulnerability Processing for Ubuntu and CentOS hosts, see #4218, #4518, #4405. We are considering using more specialized sources for vulnerabilities for Ubuntu and CentOS; particularly, we are looking into using OVAL (https://oval.mitre.org/).
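The core step an Ubuntu/Debian advisory source needs, and which an NVD-only feed does not give you, is deciding whether an installed package version predates the advisory's fixed version under dpkg's ordering rules. As an added example (not from the thread, from Fleet or from Ubuntu's tooling), here is a Python port of dpkg's version comparison driven by a constructed inventory and constructed USN-shaped entries; the package names, versions and USN ids are placeholders, and parsing real USN or OVAL data is assumed to happen upstream of this check.

```python
# Constructed sample data (placeholders, not from the thread, Fleet or any real USN).
INSTALLED = {"example-pkg": "2.4.41-4ubuntu3.9", "other-pkg": "1:1.0~rc1-1"}
ADVISORIES = [
    {"usn": "USN-0000-0", "fixed": {"example-pkg": "2.4.41-4ubuntu3.10"}},
    {"usn": "USN-0000-1", "fixed": {"other-pkg": "1:1.0-1", "absent-pkg": "9.9"}},
]

def _order(c: str) -> int:
    """dpkg character weight: digits 0, '~' before everything (even end), letters before symbols."""
    return 0 if c.isdigit() else ord(c) if c.isalpha() else -1 if c == "~" else ord(c) + 256

def _cmp_fragment(a: str, b: str) -> int:
    """Port of dpkg's verrevcmp(): compare alternating non-digit and numeric runs."""
    ia = ib = 0
    while ia < len(a) or ib < len(b):
        first_diff = 0
        while (ia < len(a) and not a[ia].isdigit()) or (ib < len(b) and not b[ib].isdigit()):
            ac = _order(a[ia]) if ia < len(a) else 0  # end of string weighs 0
            bc = _order(b[ib]) if ib < len(b) else 0
            if ac != bc:
                return ac - bc
            ia, ib = ia + 1, ib + 1
        while ia < len(a) and a[ia] == "0": ia += 1  # leading zeros are insignificant
        while ib < len(b) and b[ib] == "0": ib += 1
        while ia < len(a) and ib < len(b) and a[ia].isdigit() and b[ib].isdigit():
            first_diff = first_diff or ord(a[ia]) - ord(b[ib])
            ia, ib = ia + 1, ib + 1
        if ia < len(a) and a[ia].isdigit(): return 1   # longer digit run is the larger number
        if ib < len(b) and b[ib].isdigit(): return -1
        if first_diff: return first_diff
    return 0

def _split(v: str) -> tuple:
    """Split '[epoch:]upstream[-debian_revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = v.partition(":")
    epoch, rest = (int(epoch), rest) if sep else (0, v)
    upstream, sep, rev = rest.rpartition("-")
    return (epoch, upstream, rev) if sep else (epoch, rest, "")

def compare_versions(v1: str, v2: str) -> int:
    """Negative if v1 < v2, 0 if equal, positive if v1 > v2 (dpkg --compare-versions order)."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)

def find_unpatched(installed: dict, advisories: list) -> list:
    """Installed packages whose version is older than the advisory's fixed version."""
    return [{"usn": adv["usn"], "package": p, "installed": installed[p], "fixed": fixed}
            for adv in advisories for p, fixed in adv["fixed"].items()
            if p in installed and compare_versions(installed[p], fixed) < 0]
```

Note that a naive string or numeric comparison would get both sample packages wrong: `3.9` sorts after `3.10` lexically, and `1.0~rc1` must sort before `1.0`.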