OpenShift Request For Enhancement
RFE-5989

Inspecting vulnerability definitions to understand whether Red Hat Advanced Cluster Security knows about specific CVEs


      Business Problem:

      As per Fetching vulnerability definitions, vulnerability definitions are updated every 5 minutes, based on the content available on https://definitions.stackrox.io. Yet the content fetched and applied from https://definitions.stackrox.io is unknown to the administrator of Red Hat Advanced Cluster Security, so it is not clear whether recent vulnerabilities are already covered by the latest definition or not.

      It is therefore requested to have a way in Red Hat Advanced Cluster Security to check whether a particular CVE is part of the vulnerability definition and therefore actively validated, or not yet available in the definition and hence not covered/scanned by Red Hat Advanced Cluster Security.

      Use Cases:

      CVE-2024-3094 is a prime example of a vulnerability that may not yet be widely present in the wild, so it is possible that no alert related to this CVE is triggered. Yet customers are wondering whether Red Hat Advanced Cluster Security is really scanning for CVE-2024-3094 and thus want to check whether it is available in the vulnerability definition they have. Knowing it is there, they can sit back and relax, as they can be sure it will be detected, and policies can also be built to prevent the image from running at all. Without that, there is some uncertainty whether it may be missed because the definition does not have it yet.

      Key Functionality:

      Simply put, provide a way to inspect the vulnerability definition for CVEs, or a way to let the customer know that a specific vulnerability is known to Red Hat Advanced Cluster Security and thus actively scanned and alerted on. In general, share the knowledge of the vulnerability definition so customers can be assured, and possibly also prove to Security Teams, that critical vulnerabilities are scanned and alerted on.

      Benefits:

      For vulnerabilities such as CVE-2024-3094, it is hard for Security Teams using Red Hat Advanced Cluster Security to report whether they are affected or not, as likely no image containing the vulnerable component is available. Yet they do not know, as they cannot see whether Red Hat Advanced Cluster Security is scanning for CVE-2024-3094 or is not yet aware of the vulnerability. So there is some uncertainty. With a way to confirm that a vulnerability/CVE is covered in the definition and thus scanned, customers can be more confident that the vulnerability is not exposed in their environment, as scanning is taking place and would detect the vulnerability where present.

      Acceptance criteria:

      Provide a way for users to confirm that a certain vulnerability is known to Red Hat Advanced Cluster Security and thus actively scanned. It should be possible to filter/search by CVE number and then understand whether that CVE is being actively scanned.

      Implementation Suggestions (optional):

      N/A

      Timeline:

      As soon as possible

              sbadve@redhat.com Shubha Badve
              rhn-support-sreber Simon Reber
              Anjali Telang, Boaz Michaely, Doron Caspin, JP Jung, Maria Simon Marcos, Shubha Badve
              ACS Scanner