CVE Subscriptions
SP360’s interface for Common Vulnerability and Exposure (CVE) functionality allows users to manage their OpenCVE subscriptions. Selecting this menu option enables users to receive real-time notifications for newly identified or updated vulnerabilities by leveraging the OpenCVE platform. This feature enables you to receive alerts for vendors and/or products that are most important for your organization.
SP360’s interface for “CVE Subscriptions” includes the following four segments, described below.
- “Vendor Subscriptions” – the red outlined box shows all currently selected vendors.
- “Product Subscriptions” – the green outlined box shows all currently selected products.
- “Vendors” – the yellow outlined box allows you to designate the vendors of interest.
- “Products” – the blue outlined box allows you to select the products of interest for a specified vendor.
Navigating the CVE Subscription Process
Step 1: In the “Vendor Selection” area, a search bar allows you to search for a particular vendor. For example, typing “Micros” and clicking the Search bar will show all vendors that start with those letters (in this case Microstrategy and Microsoft, among others). Once you see the vendor you are interested in (e.g., Microsoft), clicking on the desired vendor will result in a list of all the products offered by that particular vendor as shown below.
Clicking on the bell icon next to a vendor’s name will result in subscribing to updates for all products offered by that vendor. After successfully subscribing to a particular vendor, the “Vendor Subscriptions” area will be updated, as shown below.
Step 2: Alternatively, once the “Products” area is populated, users can filter and search for the products they care about utilizing the search bar. Once the desired product(s) are displayed, clicking on the bell icon next to a particular product will result in subscribing to updates for critical vulnerabilities for that product.
Step 3: Any products that the user selects for receiving updates will automatically be reflected in the “Product Subscriptions” area, as shown below.
Step 4: Once the subscription process is completed, the user will receive a daily email notification if there are one or more notifications for new or modified vulnerabilities. If there are no new vulnerabilities in the last 24-hour period, there will be no email that day. A sample notification email is shown below.
Note:
- Each vulnerability has a severity/ranking to reflect its impact. Available severities are (Critical, High, Medium, or Low).
- For OpenCVE email, only the first 100 notifications will be included in the email, and at the bottom of the email there will be a link to the OpenCVE platform where the remaining vulnerabilities can be viewed.This prevents the email from getting too unwieldy.