Running F5 BIG-IP CVE Reporting

To run this workflow:

  1. Go to Menu > ADC+ > AUTOMATION > Workflow Catalog > View/Run
  2. Click the F5 BIG-IP System category on the View/Run Workflows page.
  3. On the popup window, hover the mouse over the F5 BIG-IP CVE Reporting workflow.
    The Run and Schedule buttons are displayed.
  4. Click .
    The Request > F5 BIG-IP CVE Reporting :: FormBuilder page is displayed.
  5. Enter/select the Search Filter details.
    Table 1. Search Filter Section - Field and Description Table
    Field Description
    Search Filter

    Select the search filter. The possible options are:

    • F5 BIG-IP Version – This option allows you to get the devices based on the product version. The product versions listed in the drop-down option are in the format <major version>.x.x. The vulnerabilities will be validated for the devices of selected product versions.
    • F5 Big-IP Name – This option allows you to get the devices based on the name.
    *Available Device Versions Select the devices or product version from the drop-down list for which CVE validation to be triggered. The drop-down list is displayed if Search Filter is F5 BIG-IP Version.
    *Available Devices Select the devices from the drop-down list for which CVE validation to be triggered. The drop-down list is displayed if Search Filter is F5 BIG-IP Name.
  6. Click Get CVE AFFECTED F5s to get the devices affected by the CVE vulnerabilities.
    The devices that are affected by the vulnerabilities are listed in the CVEs and F5s Impacted section.
  7. If this report is to be sent via email, set the Get Report By Email option to Yes, and then enter the email IDs in the Email_id field.
    Note: Multiple email IDs can be added as comma-separated values.
  8. Click Submit For Detailed Report.
  9. To save this form so you can edit it later, click Save Draft and then click OK.
    The form will be saved as Open request under Request > My Request.

    OR

    To submit the form, click OK.

    The report generation starts automatically. The CVE Report and CVE Severity Report are generated.
  10. To view the CVE report, click the CVE Report tab from the left panel.
    The report can be downloaded by clicking .
  11. To view the CVE severity report, click the CVE Severity Report tab from the left panel.
    The view of this report can be changed from pie chart or donut view by selecting the option from the View by drop-down option.
    The CVE Severity Report displays the following details:
    • Device Scanned – Total number of scanned devices.
    • Vulnerable Devices – Total number of vulnerable devices in the devices scanned.
    • Unique CVEs - Unique vulnerability.
    • Total CVEs – Cumulative count of severities (Critical, Medium, High, etc.) reported for each module (LTM, GTM, AFM, and ASM) in the device. The severity reported for a module is identified only if the module is enabled in AppViewX while adding the device in the Inventory.

    The remediation versions are mentioned for each module (LTM/GTM/AFM/ASM) in the vulnerable devices, in the CVE Report tab. If required, trigger the F5 BIG-IP Software Upgrade on Standalone or F5 BIG-IP Software Upgrade on HA Devices to fix the vulnerabilities in the device.