fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Add "data source" as a column to vulnerabilities view #19907

Open dherder opened 1 week ago

dherder commented 1 week ago

Problem

As a vulnerability analyst, it is difficult to determine which data source is linked to vulnerabilities (CVEs) raised in Fleet. This is an important data point when determining whether or not a CVE might be a false positive. For example, if I investigate CVE-2332-73839 (fake), I'd first check NVD's linked listing of the CVE. By doing this, I'm still not sure if the CVE source is NVD or VulnCheck. I would have to hit the public VulnCheck API and correlate that with what I see in NVD.

This is a tedious process and makes it appear that Fleet is not transparent in the data backing the vulnerability detections.

The request is to add a column in the vulnerability views called "data source" that would be populated with either NVD or VulnCheck or any future potential data source, OVAL, etc.

noahtalerman commented 1 week ago

@dherder when you get the chance, can you please describe the exact workflow that inspired this feature request? Something about false positives?

It could be a bug.

It could also be documented clearly. There's a specific rule for each type of software.

dherder commented 1 week ago

@noahtalerman I raised https://github.com/fleetdm/fleet/issues/19920 to investigate the actual false positive, but by doing that, further proved that we need to show the data source within the UI and API.