Troubleshooting Application and CPE / CVE Sync Issues
search cancel

Troubleshooting Application and CPE / CVE Sync Issues

book

Article ID: 286592

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

To troubleshoot Application and Common Platform Enumeration (CPE) / Common Vulnerabilities and Exposures (CVE) sync issues.

Environment

  • App Control Server: Version 8.10.2 and Higher

Resolution

Note:

  • NIST Deprecated the API used by Server versions 8.8.0 - 8.10.0. An upgrade to Server 8.10.2+ is required to use CPE / CVE features.
  • Application data is synced with the agent every 12 hours. If it has not been over 12 hours, then out of date application data is expected.

 

  1. Verify the CPE Applications feature has been fully configured and enabled. 
  2. In Reports > Events add a Filter for Type > Is: CPE Management and review the Errors.
  3. Verify the network requirements to the remote NIST API:
    • If SSL/Packet Inspection is enabled, add an exception for the communication to/from services.nvd.nist.gov to prevent rejection of modified packets.
    • Use PowerShell from the application server to test communication to the NVD website on Port 443: 
      TNC -ComputerName services.nvd.nist.gov -Port 443
  4. Verify the CPE and CVE settings:
    • Reset the CPE and CVE URLs to the default locations, and attempt a manual sync.
    • If an NVD API Key was specified, try removing the API Key, and attempt a manual sync.
  5. Restart the App Control Reporter service.
  6. Use Postman from the application server to pull sample data from the NIST API (Example with the App Control API).
  7. Reset the CPE Data and download a fresh copy of the NIST CPE Library.

 

If the issue persists:

  1. Start a Wireshark Capture on the application server hosting the Console.
  2. Begin logging in the App Control Console:
    1. Log in to the Console and navigate to: https://ServerAddress/support.php > Diagnostics
    2. Click Snapshot Server Logs to write existing logs and start a fresh log file.
    3. Set Server Logging as follows:
      • Logging Duration: 30 Minutes
      • Debug Level: High
      • Reporter Log Level: Verbose
      • Script Debug Level: Minimum (default)
      • Active Directory Debug Level: Minimum (default)
    4. Click Start Logging
  3. Start a manual sync, wait 3-5 minutes.
  4. Capture & zip all resulting logs together then provide to Support.

Additional Information

  • This feature is not supported if the App Control Server is installed on Windows Server 2012.
  • This feature relies upon communication between the application server and (by default) the NVD services owned by NIST.
  • By default the delay between API requests for the CPE Sync is 6 seconds (Shepherd Config: CPEDelayBetweenRequests).
  • If an error is encountered on the remote CPE site, this delay is increased to 60 seconds (Shepherd Config: CPEDelayBetweenFailedRequests).
  • Application data can be manually synced by:
    • Navigating to Assets > Computers > Clicking into the "Computer Details"
    • Click "Other Actions" under Advanced > Rescan installed applications.
Powered by Wolken Software