Closed ojaschauhan closed 2 days ago
@mostlikelee, can you please see if this is reproducible?
I wasn't able to reproduce this. @ojaschauhan by default webhooks are only triggered if the vulnerability was published in the last 30 days, which is a configurable date. Could that be the cause?
@mostlikelee Yes, I installed a very old version of Python which is now shown in the vulnerability section, but no webhook got triggered for it.
And I am seeing the vulnerabilities number changing every day and it adds new vulns as well, which are also not being sent to the webhook.
I don't see any logs for it, so I am not sure how I can share more information about it.
@ojaschauhan by default, webhooks only trigger for CVEs published in the last 30 days but you can change that using recent-vulnerability-max-age. Could that be the issue you're seeing?
@mostlikelee This shouldn't be the case as we haven't made any config changes to the webhook, it just stopped working in February (roughly the same timeframe when there were issues with NVD DB). By looking at the container logs, we don't see anything that hints us towards the reason for the issue (nothing like failed POST/incorrect JSON formatting). We are kind of running out of options to troubleshoot this further, is there anything else that we may be missing here?
Yep, checking the code and the logs, I can't seem to find anything that points to the webhook being triggered at all.
@nikolastoilov @rodneysamuel Can you provide debug fleet logs along with an example CVE and Software you expect to trigger a webhook?
Closing this issue because we can't currently reproduce the behavior, but please feel free to re-open it if the issue is still occurring!
Webhook silent, still, Vulnerability hides, Fixed, safety resides.
version 4.49.2
Chrome running on macOS, but the issue is not related to the browser; it's on the Fleet server
💥 Actual behavior
Fleet had an issue with NVD and I thought that was why the webhook is not sending any new vulns. But it's not even working after the NVD fix.
I am able to see that the vulnerability count is changing every day, but nothing gets sent to the webhook I have configured in automation. I have tried testing the webhook manually and it's working fine. I have tried reconfiguring it. I tried to dig into server logs to see any events, but I don't see a single event related to the webhook/automation being called or an error saying that it wasn't able to execute.
TODO
🧑💻 Steps to reproduce
Add any new vulnerable software to your device. Let Fleet sync it.
See if automation sends details to webhook or not.
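A triage aid for the recency window raised in the replies above, added here as an example and not taken from Fleet's code: it models "published within the max age" as a plain date comparison and splits a host's CVEs into those that could notify and those filtered as too old. The function names, the `720h` spelling of 30 days, and the sample CVE ids and dates are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

_UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}

def parse_duration(text):
    """Parse a Go-style duration such as '720h' or '1h30m' (h/m/s units only)."""
    parts = re.findall(r"(\d+)([hms])", text)
    # Reject anything the pattern did not fully consume, e.g. '30d' or '720'.
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unsupported duration: {text!r}")
    return timedelta(seconds=sum(int(n) * _UNIT_SECONDS[u] for n, u in parts))

def split_by_recency(cves, max_age, now):
    """Return (recent, too_old) lists of CVE ids, judged by published date."""
    cutoff = now - parse_duration(max_age)
    recent, too_old = [], []
    for cve_id, published in cves:
        when = datetime.fromisoformat(published)
        if when.tzinfo is None:  # treat naive timestamps as UTC
            when = when.replace(tzinfo=timezone.utc)
        (recent if when >= cutoff else too_old).append(cve_id)
    return recent, too_old

# Constructed sample: placeholder ids and publish dates, not real CVE records.
SAMPLE = [
    ("CVE-EXAMPLE-OLD-PYTHON", "2019-03-08T00:00:00+00:00"),
    ("CVE-EXAMPLE-LAST-WEEK", "2024-04-24T12:00:00+00:00"),
    ("CVE-EXAMPLE-MARCH", "2024-03-31T00:00:00"),
]
NOW = datetime(2024, 5, 1, tzinfo=timezone.utc)  # fixed clock for repeatability

if __name__ == "__main__":
    for age in ("720h", "87600h"):
        recent, old = split_by_recency(SAMPLE, age, NOW)
        print(f"max age {age}: eligible {recent}; filtered as too old {old}")
```

Feeding it the publish dates of the CVEs actually shown on a host tells you whether a silent webhook is explained by the window alone or needs the debug logs requested in the thread.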