Community in read only mode June 18 & 19
This community will be set in READ ONLY mode for a while on Tuesday June 18 into Wednesday June 19 while we import content and users from our Micro Focus Forums community site. MORE INFORMATION
thomas.neill@mc Absent Member.
Absent Member.
4732 views

Scan policies and CVE

How can I find out what scan policies scan for a certain CVE?

0 Likes
4 Replies
billyort Absent Member.
Absent Member.

Re: Scan policies and CVE

Tom,

If you go to the Policy Manager then to Search View and change criteria to Reference Info contains cve. That will give you what I think you are looking for. Good luck!

Regards,

Billy

0 Likes
thomas.neill@mc Absent Member.
Absent Member.

Re: Scan policies and CVE

Hey thanks Billy I will give this a try. To do this you will have to search each Scan Policy individually correct? It would be nice to search all policies all at once wouldn't it? ;-).   

0 Likes
billyort Absent Member.
Absent Member.

Re: Scan policies and CVE

Tom,

My apologies. I misunderstood your question initially but now I see what you are looking for and I don't think the Policy Manager will do that. I was trying to do the same thing but for DoD STIGs and found no solution other than going through the tedious process of reviewing every single check in the policies which is not feasible for me. Good luck!

Billy

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Scan policies and CVE

There may be a way to identify all the Policies that a check is enabled in using SQL Queries.  I am not sure if the CVE numbers would be listed in alternate Columns or buried in the report fields.  You would have to run this by Fortify Support (support.fortify.com) for details.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.