CVE - How to create Compliance policies for Common Vulnerabilities and Exploits.

CVE - How to create Compliance policies for Common Vulnerabilities and Exploits.

Below is an example about building compliance policies from the CVEs.  
We will be using CVE-2018-0282 for this case.

Creating Policy

(1) Compliance -> (2) Policies -> (3) New -> (4) Name: CVE-2018-0282 -> (4) Save

Applying to all vendor Nodes

Under Node Group (1) New -> (2) Name: Cisco_IOS -> (3) Save

Creating Rule

If we scroll through the CVE article below is the information we derive: 

So, we would be building rule and condition to identify these lines in the configuration.
Under Rule (1) New -> (2) Name: http_check -> (3) Rule type: Configuration -> (4) Vendor : Cisco_IOS


Under Rule (1) New Logic -> (2) Logic: if A then ( B or C) -> (3) Save

Creating Condition:

Define (A) to match the software version that is vulnerable:
Under Condition (1) A -> (2) Type: Software version -> (3) Must contain : 15.5(2) -> (4) Save


Define B:
This is to match the first line of config lines in the CVE document
(1) B -> (2) Must contain: ip http server -> (3) Save


Define C
This is to match the next lines of config from the CVE article
(1) C -> (2) Must contain: ip http secure-server -> (3) Save


This completes the creation of the policy.
For testing  refer to the article: How to test Compliance Policy
For creating reports refer to the article: How to create Compliance Reports

    • Related Articles

    • Cisco IOS - How to create compliance policies

      This article details all steps that you need to do in order to be able to run compliance on a single router. This is a process where you first model the router, add its configuration to Network Configuration and Change Management (NCCM), create a ...

    • How to create Compliance Reports

      Compliance reports gives us the summarized results of the policies.   Accessing Compliance Reports Creating new report  Steps to create new report Report name: Login Banner Report -> Report type: Policies -> Policy name: Login banner Downloading ...

    • F5 load balancer - How to create compliance policies

      This article is a technical overview of the basics of compliance, and how you can check that a node's config contains the lines you want it to contain. What you need is a node, modeled in NetYCE (CMDB works as well) that has a configuration stored in ...

    • Exporting and/or Importing Compliance policies

      We can easily export/import Compliance policies from one system to other. We can also import HPNA compliance policies into NetYCE system. Exporting Policies (1) Compliance -> (2) Polices -> (3) Select the desired policies -> (4) Export This generates ...

    • How to create new policy

      Policy creation overview Compliance policies are used for validating the device configuration and its state.  Compliance Policies are accessible from main menu as below: Compliance -> Polcies There are 4 steps in creating a policy. Step 1: Name the ...