How to update NSRL known software (NIST) list within Clearwell

Article:HOWTO77640  |  Created: 2012-08-20  |  Updated: 2012-10-20  |  Article URL http://www.symantec.com/docs/HOWTO77640
Article Type
How To



Background information on the NSRL can be found at this URL: http://www.nsrl.nist.gov/new.html

Clearwell ships with a default (customized) version of the NSRL, which is updated at each major/minor release.  The NSRL itself is updated periodically to include new known software additions as well as updates to files which were covered in previous releases.  Because the Clearwell and NSRL release schedules do not match, the version of the NSRL (otherwise known as the "NIST list") that ships with Clearwell may be out of date.

The NSRL is used in both the Identification & Collection area of the product, and the Processing area of the product.

To update the version of the NIST list that ships with Clearwell, simply follow these instructions:
 

  • Obtain Clearwell's FTP site login information which corresponds to the version of software your organization is running.  This can be obtained from Clearwell technical support by emailing clearwell_support@symantec.com.
  • Download the appropriate version of the NSRL from the NSRLVersions subfolder off the root of the FTP site.
  • Once downloaded, unpack the contents of the zip file.  Clearwell's version of the "bloom filter" contains only MD5 hash values of the known software list, and is somewhat lighter weight than the full version available from NIST.
  • Create a backup copy of the existing file d:\bloomnsrl\nsrl_rds_md5.bf, and replace the existing version with the copy extracted from the zip file downloaded from Clearwell's FTP site.
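
The backup-and-replace step above, as an added PowerShell example (not Symantec or Clearwell code): it keeps a timestamped backup, installs the new filter, and rolls back if the installed file's hash does not match the extracted one. The source path `C:\Temp\nsrl\nsrl_rds_md5.bf` and the assumption that the extracted file has the same name as the live file are hypothetical; only the `d:\bloomnsrl` path comes from this article.

```powershell
# Added example, not Symantec/Clearwell code. $NewFile is a hypothetical path
# to the .bf file extracted from the downloaded zip; adjust it to your location.
param(
    [string]$NewFile  = 'C:\Temp\nsrl\nsrl_rds_md5.bf',   # assumption
    [string]$LiveFile = 'D:\bloomnsrl\nsrl_rds_md5.bf'    # path from the article
)
$ErrorActionPreference = 'Stop'

function Get-Sha256([string]$Path) {
    # .NET hashing, so the script also runs where Get-FileHash is unavailable
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return [System.BitConverter]::ToString($sha.ComputeHash($stream)).Replace('-', '')
    }
    finally { $stream.Dispose(); $sha.Clear() }
}

# Refuse to proceed on a missing or empty input, or a missing live file
if (-not (Test-Path -LiteralPath $NewFile -PathType Leaf)) { throw "New filter not found: $NewFile" }
if ((Get-Item -LiteralPath $NewFile).Length -eq 0) { throw "New filter is empty: $NewFile" }
if (-not (Test-Path -LiteralPath $LiveFile -PathType Leaf)) { throw "Existing filter not found: $LiveFile" }

$newHash = Get-Sha256 $NewFile

# Keep a timestamped backup beside the live file so a rollback is one copy away
$backup = '{0}.{1}.bak' -f $LiveFile, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -LiteralPath $LiveFile -Destination $backup
if ((Get-Sha256 $backup) -ne (Get-Sha256 $LiveFile)) { throw "Backup does not match live file: $backup" }

# Install the new filter over the existing one
Copy-Item -LiteralPath $NewFile -Destination $LiveFile -Force

# Verify the copy; restore the backup if the installed file differs
if ((Get-Sha256 $LiveFile) -ne $newHash) {
    Copy-Item -LiteralPath $backup -Destination $LiveFile -Force
    throw "Installed filter hash mismatch; previous file restored from $backup"
}

# One line per server: host name, SHA-256 of the installed filter, path
'{0}  {1}  {2}' -f $env:COMPUTERNAME, $newHash, $LiveFile
```

When the file is replaced on more than one server, the final output line should show the same hash on each of them.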

If you are running Clearwell in a cluster configuration, the following steps will need to be repeated for each member server in your cluster.  Failure to do so may result in inconsistent known file exclusions during processing, identification, or collection.  If you have created any Onsite Collectors, these will need to be updated as well.
 

  1. Launch Clearwell, and under support features, select the Property Browser feature.  
  2. In Step 2 of the Property Browser feature, choose an appliance.  In a clustered configuration, it's always best to select the master appliance first.
  3. In the Name of property to change field, enter the following text: esa.ui.nist.default.name
  4. In the New value (leave blank to remove) field, enter the following text: NSRL Reference Data Set (\"NIST List\")
  5. Select the Confirm Change.  Are you sure? checkbox.
  6. Click Submit

Repeat steps 2-6 for each of the following Property to change and New Value entries, according to the version of the NSRL that you downloaded above:

  • esa.ui.nist.default.name = NSRL Reference Data Set (\"NIST List\")
  • esa.ui.nist.default.description = The NSRL Reference Data Set version 2.36 (Mar 2012)
  • esa.packages.bloomnsrl.src = nsrl_rds_md5-236.zip
  • esa.packages.bloomnsrl.longDesc = The NSRL Reference Data Set version 2.36 (Mar 2012)

Then, repeat this entire process for each server in the Clearwell cluster.

After making the change, a services restart on each node is required.  This can be done either via the Clearwell Utility, or from the Appliances system menu on the server.  

 



