Vulnerability cases

In case you receive a ticket where the client is having issues with vulnerabilities, the first thing to do is
check if it is from ArcSight or RedHat.

Follow the next steps:

1) Ask the client the following information:

• Appliance version
• Logger version
• RedHat version
2) Once we have the information, we need to ask the customer for the CVE (common
vulnerabilities and exposures). If the client has more than 10 CVE, we need to check the severity
of the vulnerabilities, normally they go from 1 to 5 where 5 is the critical.
FYI: we cannot work in one ticket vulnerabilities coming from ArcSight and Logger, it must be
in separate tickets.
3) The CVE format is: CVE:YEAR:DATE . Once you have the CVE we need to look for the “errata” on
the RedHat website. Here we have two options:
➢ If we find the errata and the correct update on the website, we can take that
information and give it to the client.
“ Customer you can upgrade the OS to this xxx version”.
➢ If we do not find the errata or any update we will need to go to Jira and check if there is
an update, if that is not the case we will need to create a ticket with the Developers.

FYI: if we have more than one CVE we need to do the same process one by one.