Highlighted
Absent Member.
Absent Member.
6707 views

Scan policies and CVE

How can I find out what scan policies scan for a certain CVE?

0 Likes
4 Replies
Highlighted
Absent Member.
Absent Member.

Tom,

If you go to the Policy Manager then to Search View and change criteria to Reference Info contains cve. That will give you what I think you are looking for. Good luck!

Regards,

Billy

0 Likes
Highlighted
Absent Member.
Absent Member.

Hey thanks Billy I will give this a try. To do this you will have to search each Scan Policy individually correct? It would be nice to search all policies all at once wouldn't it? ;-).   

0 Likes
Highlighted
Absent Member.
Absent Member.

Tom,

My apologies. I misunderstood your question initially but now I see what you are looking for and I don't think the Policy Manager will do that. I was trying to do the same thing but for DoD STIGs and found no solution other than going through the tedious process of reviewing every single check in the policies which is not feasible for me. Good luck!

Billy

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

There may be a way to identify all the Policies that a check is enabled in using SQL Queries.  I am not sure if the CVE numbers would be listed in alternate Columns or buried in the report fields.  You would have to run this by Fortify Support (support.fortify.com) for details.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.