NSFocus Information Technology (Beijing) Co., Ltd.
www.nsfocus.com
AURORA RSAS
http://www.nsfocus.com/english/homepage/products/rsas.htm
Provide a short description of how and where your capability is made available to your customers and the public (required):
NSFocus makes information about security vulnerabilities publicly available on its website; customers can also download and install product updates on the website.
Related resources and links:
NSFocus Vulnerability Database:
http://www.nsfocus.net/index.php?act=sec_bug (chinese)
AURORA RSAS Component Update:
http://update.nsfocus.com/update/aurora/showlist.php (chinese)
Describe how and where your capability indicates the most recent CVE version used to create or update its mappings (required):
We check for new CVE versions and complete related updates in the next regular update.
Indicate how often you plan on updating the mappings to reflect new CVE versions and describe your approach to keeping reasonably current with CVE versions when mapping them to your repository (recommended):
We review the CVE website weekly, and will generate a list of CVE names to be updated via script tools within 3 days if any new CVE version is made available, then complete the update a few days afterwards, depending on the number of CVE entries to be updated and the workload at that time.
Describe how and where you explain to your customers the timeframe they should expect an update of your capability's mappings to reflect a newly released CVE version (recommended):
AURORA RSAS is updated every two weeks. Any revisions to CVE information during update intervals will be included in the update file in a timely manner. We will not provide customers with any specific explanation of the CVE version.
Provide a copy, or directions to its location, of where your documentation describes CVE and CVE compatibility for your customers (required):
AURORA RSAS
http://www.nsfocus.com/english/homepage/products/rsas.htm (english)
http://www.nsfocus.com/homepage/products/rsas.htm (chinese)
NSFocus products CVE compatible description:
http://www.nsfocus.com/english/homepage/products/cve.htm (english)
http://www.nsfocus.com/homepage/products/cve.htm (chinese)
Provide a copy, or directions to its location, of where your documentation describes the specific details of how your customers can use CVE names to find the individual security elements within your capability's repository (required):
CVE names may be used as a search criterion from the search page at
http://www.nsfocus.net/index.php?act=sec_bug
The description and procedures have been documented at
http://www.nsfocus.com/english/homepage/products/cve.htm (english)
http://www.nsfocus.com/homepage/products/cve.htm (chinese)
The figure below shows the search capability.
Provide a copy, or directions to its location, of where your documentation describes the process a user would follow to find the CVE names associated with individual security elements within your capability's repository (required):
Security information can be searched from the search page at http://www.nsfocus.net/index.php?act=sec_bug via general keywords. If the information is related to specific CVE information, then the CVE name and a link to the MITRE website will appear in the Description section. The description and procedures have been documented at
http://www.nsfocus.com/english/homepage/products/cve.htm (english)
http://www.nsfocus.com/homepage/products/cve.htm (chinese)
Detailed alert information can be searched from the online Help text via alert name or other keywords. If the alert is related to specific CVE information, then the CVE name and a link to the MITRE website will appear in it.
The figures below show the CVE name link.
If your documentation includes an index, provide a copy of the items and resources that you have listed under "CVE" in your index. Alternately, provide directions to where these "CVE" items are posted on your web site (recommended):
On the Help page of AURORA RSAS there is a special CVE search category
for fast search of CVE-related entries.
If CVE candidates are supported or used, explain how you indicate that candidates are not accepted CVE entries (required):
The following page on NSFocus website describes the difference between CAN and CVE name:
http://www.nsfocus.com/english/homepage/products/cve.htm (english)
http://www.nsfocus.com/homepage/products/cve.htm (chinese)
If CVE candidates are supported or used, explain where and how the difference between candidates and entries is explained to your customers (recommended):
The following page on NSFocus website describes the difference between CAN and CVE name:
http://www.nsfocus.com/english/homepage/products/cve.htm (english)
http://www.nsfocus.com/homepage/products/cve.htm (chinese)
If CVE candidates are supported or used, explain your policy for changing candidates into entries within your capability and describe where and how this is communicated to your customers (recommended):
NSFocus Security Team checks for CVE name changes weekly, and makes the corresponding modifications if there is any change. After MITRE issues a Final Decision list for a given CVE version, NSFocus Security Team will generate a list of CVE names to be modified via script tools, and the resultant work can typically be completed in a few days, depending on current workload and the number of promoted candidates. Products that use NSFocus Security Information Database take up the updated information at the next major product version release, or during the next applicable update.
NSFocus will try to update modified CVE names at the earliest opportunity, but will not inform customers of these changes individually.
If CVE candidates are supported or used, explain where and how a customer can find the explanation of your search function's ability to look for candidates and entries by using just the YYYY-NNNN portion of the CVE names (recommended):
NSFocus Security Information Database search engine supports partial matches of the form YYYY-NNNN. The documentation describing this capability is available at
http://www.nsfocus.com/english/homepage/products/cve.htm (english)
http://www.nsfocus.com/homepage/products/cve.htm (chinese)
If CVE candidates are supported or used, explain where and how a customer can find the explanation of your search function's support for retrieving the CVE entry for a candidate that is no longer a candidate (recommended):
NSFocus recommends searching with partial matches of the form YYYY-NNNN.
If CVE candidates are supported or used, explain where and how you tell your users how up-to-date your candidate information is (recommended):
NSFocus will try to update modified CVE names at the earliest opportunity, but will not inform customers of these changes individually.
Give detailed examples and explanations of how a user can locate tasks in the tool by looking for their associated CVE name (required):
Users can use the product's online Help to find related CVEs and information about the corresponding CVE. Links to https://cve.mitre.org are also commonly available.
Give detailed examples and explanations of how, for reports that identify individual security elements, the tool allows the user to determine the associated CVE names for the individual security elements in the report (required):
CVE details and links are provided in most RSAS alerts, as long as a corresponding CVE name is available. Each available CVE can be searched by its name in RSAS online Help.
Give detailed examples and explanations of how a user can obtain a listing of all of the CVE names that are associated with the tool's tasks (recommended):
A user can obtain a listing of all vulnerabilities and related CVEs from within the online Help. The user can enter 'CVE' and 'Search'. The total number of vulnerabilities is then listed in the left view pane, followed by each vulnerability name. CVEs are then listed for each vulnerability in the right-hand view of the Help window.
Give detailed examples and explanations of how a "find" or "search" function is available to the user to locate tasks in the online capability by looking for their associated CVE name or through an online mapping that links each element of the capability with its associated CVE name(s) (required):
- From the search Webpage of NSFocus Security Information Database http://www.nsfocus.net/index.php?act=sec_bug enter the CVE name in one of the following formats:
Format           Example
CVE-YYYY-NNNN    CVE-2004-0122
CAN-YYYY-NNNN    CAN-2004-1064
YYYY-NNNN        2004-0122
- Select "Search by Keyword". The Keyword Search Results page appears.
- Under the displaying results list, select the appropriate link for more information. CVE or CAN and vulnerability details appear in the "Description" section.
Provide a detailed description of how someone can use your "URL template" to interface to your capability's search function (recommended):
Examples:
http://www.example.com/cgi-bin/db-search.cgi?cvename=CVE-YYYY-NNNN
http://www.example.com/cve/CVE-YYYY-NNNN.html
From the search Webpage of NSFocus Security Information Database http://www.nsfocus.net/index.php?act=sec_bug enter the CVE name in one of the following formats:
Format           Example
CVE-YYYY-NNNN    CVE-2004-0122
CAN-YYYY-NNNN    CAN-2004-1064
YYYY-NNNN        2004-0122
If the URL template is for a CGI program, does it support the HTTP "GET" method? (recommended):
- From the search Webpage of NSFocus Security Information Database http://www.nsfocus.net/index.php?act=sec_bug enter the CVE name in the following formats:
Format Example
CVE(CAN)
- Select "Search by Keyword". The Keyword Search Results page appears.
- Under the displaying results list, select the appropriate link for more information. CVE or CAN and vulnerability details appear in the "Description" section.
Give detailed examples and explanations of how, for reports that identify individual security elements, the online capability allows the user to determine the associated CVE names for the individual security elements in the report (required):
This capability is available on each Web page in the product's alert detail section. For CAN and CVE names, the section lists the CVE name and a link to the MITRE CVE entry for the same name (opens in a new browser window).
For example:
http://www.nsfocus.net/index.php?act=sec_bug&do=view&bug_id=6160&keyword=CVE-2004-0122
In the "Description" section, CVE-2004-0122 is the CVE name of this entry, which links to the corresponding CVE information on the MITRE website:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0122
CVE names appearing in the Description section are the latest CVE or CAN names. NSFocus Security Team will not keep revision history for specific security information-related CVE/CAN names.
If details for individual security elements are not provided, give examples and explanations of how a user can obtain a mapping that links each element with its associated CVE name(s), otherwise enter N/A (required):
From the search Webpage of NSFocus Security Information Database http://www.nsfocus.net/index.php?act=sec_bug enter the CVE name in one of the following formats:
Format           Example
CVE-YYYY-NNNN    CVE-2004-0122
CAN-YYYY-NNNN    CAN-2004-1064
YYYY-NNNN        2004-0122
Provide details about the different electronic document formats that you provide and describe how they can be searched for specific CVE-related text (required):
RSAS and ICEYE NIDS provide output in PDF, HTM, and RTF. Each is searchable via the browser, viewer or editor chosen.
If one of the capability's standard electronic documents only lists security elements by their short names or titles provide example documents that demonstrate how the associated CVE names are listed for each individual security element (required):
Currently, when security elements are listed by titles, we provide no mapping in our reports on how a CVE name is related to each individual security element.
Provide example documents that demonstrate the mapping from the capability's individual elements to the respective CVE name(s) (recommended):
Within online Help of our products there is a search function that allows users to find CVEs that we have the ability to audit systems with.
Give detailed examples and explanations of how the GUI provides a "find" or "search" function for the user to identify your capability's elements by looking for their associated CVE name(s) (required):
CVE information can be found in the product Help text, which details what CVE is and also covers details of detectable exploits and how to relate them to the corresponding CVE. Both Help texts can be searched by content, index, search or favorites within the Help module.
Briefly describe how the associated CVE names are listed for the individual security elements or discuss how the user can use the mapping between CVE entries and the capability's elements, also describe the format of the mapping (required):
In our Vulnerability Details section within the product we have the associated CVEs included in the vulnerability description. Click the CVE name, and a new browser page linking to the corresponding CVE name on the MITRE website will appear.
Provide details about the different electronic document formats that you provide for exporting or accessing CVE-related data and describe how they can be searched for specific CVE-related text (recommended):
The export document provides output in HTML and RTF formats. Each can be searched for CVE information via the browser or editor chosen.
Have an authorized individual sign and date the following Compatibility Statement (required):
"As an authorized representative of my organization I agree that we will abide by all of the mandatory CVE Compatibility Requirements as well as all of the additional mandatory CVE Compatibility Requirements that are appropriate for our specific type of capability."
Name: Li Qun
Title: Director of NSFocus Development Dept.
Have an authorized individual sign and date the following accuracy Statement (recommended):
"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the mapping between our capability's Repository and the CVE entries our capability identifies."
Name: Zuo Lei
Title: Director of NSFocus Research Dept.