By default, the SaltStack SecOps Vulnerability library initially ingests the latest vulnerability content when the SaltStack Config server boots. It also checks for updates on a daily basis. The first time the server boots up or when there’s a new vulnerability content update, it may take 15-20 minutes to get the latest content.
If you have changed the default to require manual updates, you can update the SaltStack SecOps Vulnerability content manually:
- Click Administration > SecOps on the side menu.
- Under Vulnerability Content, click Check for updates.
The latest content begins to download, if it is available. For more on how to configure manual ingestion settings, see Configure SaltStack SecOps.
Note: The Package ID matches the UUID of the content tarball provided by SaltStack. However, if you notice a mismatch between the two IDs, this is because the tarball has been renamed. Check the name of the file you uploaded to ensure it still has the original filename provided by SaltStack. It might have been modified by a user, or by a computer.
For instructions on configuring manual library updates, see Configure SaltStack SecOps.
How the vulnerability library works
SaltStack Config uses an automated process to search for the latest security advisories along with the software packages or versions to fix nodes that are impacted by those vulnerabilities. This content is built and updated continuously in the vulnerability library.
When a new advisory or remediation is available, SaltStack Config bundles the library into a tarball and makes it available for download to SaltStack SecOps Vulnerability customers. By default, SaltStack Config checks for new content daily. See Updating the vulnerability library for more information.
The vulnerability library tarball is encrypted before it is made available to SaltStack SecOps Vulnerability customers to ensure data integrity. A SaltStack SecOps Vulnerability license comes with the necessary keys to decrypt the tarball once it is downloaded. When SaltStack SecOps Vulnerability ingests a new tarball, it may take 15-20 minutes to get the latest content, which can impact performance.
If you use the default process to update the vulnerability library, you will experience this performance delay the first time you download this content after installing and activating SaltStack SecOps Vulnerability. Then, when a new tarball is available for download, it will be ingested and updated in the background.
However, you might possibly experience the 15-20 minute delay during ingestion again, depending on the timing of the update. You can reduce the possibility that you will experience this delay by automatically updating the vulnerability library rather than updating it manually.