NeuVector Limitation in Vulnerability reports with a high number of CVEs
This document (000021292) is provided subject to the disclaimer at the end of this document.
Environment
Feature: Vulnerability Reports.
Target: NeuVector UI.
Capability: Generate a full vulnerability report with more than 500 active CVEs.
Situation
It is possible to generate vulnerability reports in NeuVector so that you can visualize and share the active CVEs in your environment. You will see all vulnerabilities in NeuVector UI -> Security Risks -> Vulnerabilities. These vulnerabilities are displayed and reported as Active according to the security feeds that NeuVector consumes.
However, when many CVEs are reported in your environment, NeuVector will only use the first 500 CVEs according to the published datetime. This limit exists for efficiency in NeuVector's data processing, avoiding overload when there are too many CVEs in your environment.
A good practice recommended by engineering is to generate periodic reports using the "Last Modified" filter provided in the pop-up dialog (Last two weeks, one month, etc.) to ensure that the report sizes are not too large to render.
If you have more than 500 active CVEs in your environment, NeuVector will display the last 500 according to their publication, so it is expected behavior that your report does not show all the CVEs. Still, a workaround exists to generate a full report.
Resolution
It is not good practice to have many unpatched CVEs in your environment. Still, if your domain reports more than 500 active CVEs and you wish to generate a full report, open a case and contact SUSE NeuVector Support to generate a detailed report. This report is generated via JSON/HAR files.
To generate the JSON and HAR files, please execute the following procedure:
1. Look for "devtools.netmonitor.responseBodyLimit" in your browser settings and set this value to 0. This will allow you to collect the complete response from the page.
2. Navigate to NeuVector -> Security Risks -> Vulnerabilities.
3. In Google Chrome or your preferred browser, press the "F12" key and refresh the page to list all CVEs.
4. On the DevTools page, click on the Network tab -> Right-click on CVE -> Copy -> Copy Response -> Save in a JSON file.
5. On the DevTools page, click on the Network tab -> Right-click on Container -> Copy -> Copy Response -> Save in a JSON file.
6. On the DevTools page, click on the Network tab -> Right-click on CVE -> Save all as HAR file.
7. On the DevTools page, click on the Network tab -> Right-click on Container -> Save all as HAR file.
8. Attach the JSON and HAR files to the ticket in question.
With this data, it will be possible to generate the complete report with more than 500 CVEs so that you can view them all in a CSV or PDF file.
This procedure is helpful if you want a complete view of all the CVEs reported in your environment when they exceed 500. You can share this report with your team to make corrections as soon as possible.
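A HAR capture stores every request and response header, session cookies and tokens included, so it is worth scrubbing the files from steps 6 and 7 before attaching them. The following Python example is added here and is not SUSE or NeuVector code: it redacts credential headers and cookies in a HAR and lists entries whose response body is missing. The header list, the "token" substring match, and the sample host, paths and values are assumptions.

```python
import json

# Header names treated as credentials. The substring match on "token" is an
# assumption meant to catch custom session headers; adjust for your deployment.
SENSITIVE = {"authorization", "cookie", "set-cookie", "proxy-authorization"}
REDACTED = "[REDACTED]"


def _is_sensitive(name):
    lowered = name.lower()
    return lowered in SENSITIVE or "token" in lowered


def sanitize_har(har):
    """Redact credential headers/cookies in place; return (redacted_count, urls_without_body)."""
    redacted = 0
    missing_body = []
    for entry in har["log"]["entries"]:
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for header in msg.get("headers", []):
                if _is_sensitive(header.get("name", "")):
                    header["value"] = REDACTED
                    redacted += 1
            for cookie in msg.get("cookies", []):
                cookie["value"] = REDACTED
                redacted += 1
        # An empty body means the capture did not keep the full response.
        content = entry.get("response", {}).get("content", {})
        if not content.get("text"):
            missing_body.append(entry["request"]["url"])
    return redacted, missing_body


# Constructed sample HAR (hypothetical host, paths and values).
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [
    {"request": {"url": "https://neuvector.example/cve",
                 "headers": [{"name": "Token", "value": "abc123"},
                             {"name": "Accept", "value": "application/json"}],
                 "cookies": [{"name": "session", "value": "s3cr3t"}]},
     "response": {"headers": [{"name": "Set-Cookie", "value": "session=s3cr3t"}],
                  "cookies": [], "content": {"size": 13, "text": "{\"items\": []}"}}},
    {"request": {"url": "https://neuvector.example/container", "headers": [], "cookies": []},
     "response": {"headers": [], "cookies": [], "content": {"size": 0}}},
]}}

if __name__ == "__main__":
    count, missing = sanitize_har(SAMPLE_HAR)
    print(json.dumps({"redacted": count, "missing_body": missing}, indent=2))
```

To use it on a real capture, load the saved file with `json.load`, call `sanitize_har`, and write the result back with `json.dump`; a non-empty list of URLs without a body suggests the response body limit from step 1 was still in effect.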
Cause
NeuVector doesn't show all the CVEs when there are more than 500 in your domain.
Status
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 000021292
- Creation Date: 14-Dec-2023
- Modified Date: 19-Dec-2023
- SUSE NeuVector
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com