Environment
- App Control Console: Version 8.10.2 and Higher
Objective
To troubleshoot Common Platform Enumeration (CPE) and Common Vulnerabilities and Exposures (CVE) sync issues.
Resolution
NIST Deprecated the API used by Server version 8.8.0 - 8.10.0. An upgrade to Server 8.10.2+ is required to use this feature. |
- Verify the CPE Applications feature has been fully configured and enabled.
- In Reports > Events add a Filter for Type > Is: CPE Management and review the Errors.
- Verify the network requirements to the remote NIST API:
- Verify the CPE and CVE settings:
- Reset the CPE and CVE URLs to the default locations, and attempt a manual sync.
- If an NVD API Key was specified, try removing the API Key, and attempt a manual sync.
- Restart the App Control Reporter service.
- Use Postman from the application server to pull sample data from the NIST API (Example with the App Control API).
- Reset the CPE Data and download a fresh copy of the NIST CPE Library.
If the issue persists, please:
- Start a Wireshark Capture on the application server hosting the Console.
- Start the Server High Debug Logging.
- Recreate the issue & provide the resulting logs to Support.
Additional Notes
- This feature is not supported if the App Control Server is installed on Windows Server 2012.
- This feature relies upon communication between the application server and (by default) the NVD services owned by NIST.
- By default the delay between API requests for the CPE Sync is 6 seconds (Shepherd Config: CPEDelayBetweenRequests).
- If an error is encountered on the remote CPE site, this delay is increased to 60 seconds (Shepherd Config: CPEDelayBetweenFailedRequests).
Related Content