Agent
N/A
Platform
Current
Cloud
N/A
Best answer by juliensobrier
View original
How often are update CVEs?
Userlevel 2
Userlevel 2
Lacework ingests new CVEs daily from OS vendors and the NIST National Vulnerability Database (NVD).
We update our CVE database daily. However, for major new vulernabiliies (such as Log4j), we can update it multiple times a day.
Additional sub-question: Do we notate zero-day vulnerabilities any differently?
By definition, zero-days don’t have a CVE before they are disclosed. We will alert based on behavior, but not in the vulnerability section.
We do note whether vulns have a published exploit and use that as part of the risk scoring.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.