How to update NSRL known software (NIST) list within Clearwell
Article: HOWTO77640 | Created: 2012-08-20 | Updated: 2014-10-31 | Article URL: http://www.symantec.com/docs/HOWTO77640
Clearwell ships with a default (customized) version of the NSRL, which is updated at each major/minor release. The NSRL itself is updated periodically to include both new known software additions and updates to files that were covered in previous releases. Because the Clearwell and NSRL release schedules do not match, the version of the NSRL (otherwise known as the "NIST list") that ships with Clearwell may be out of date.
The NSRL is used in both the Identification & Collection area of the product, and the Processing area of the product.
To update the version of the NIST list that ships with Clearwell, simply follow these instructions:
- Obtain Clearwell's FTP site login information which corresponds to the version of software that is running.
- Download the appropriate version of the NSRL from the NSRLVersions subfolder off the root of the FTP site.
- Once downloaded, unpack the contents of the zip file. Clearwell's version of the "bloom filter" contains only MD5 hash values of the known software list, and is somewhat lighter weight than the full version available from NIST.
- Create a backup copy of the existing file d:\bloomnsrl\nsrl_rds_md5.bf, and replace the existing version with the copy extracted from the zip file downloaded from Clearwell's FTP site.
If running Clearwell in a cluster configuration, the following steps will need to be repeated for each member server in the cluster. Failure to do so may result in inconsistent known file exclusions during processing, identification, or collection. If Onsite Collectors exist, these will need to be updated as well.
1. Launch Clearwell, and under support features, select the Property Browser feature.
2. In Step 2 of the Property Browser feature, choose an appliance. In a clustered configuration, it's always best to select the master appliance first.
3. In the Name of property to change field, enter the following text: esa.ui.nist.default.name
4. In the New value (leave blank to remove) field, enter the following text: NSRL Reference Data Set (\"NIST List\")
5. Select the Confirm Change. Are you sure? checkbox.
6. Click Submit.
Repeat steps 2-6 for each of the following Property to change and New Value entries, according to the version of the NSRL that was downloaded above:
- esa.ui.nist.default.name = NSRL Reference Data Set (\"NIST List\")
- esa.ui.nist.default.description = The NSRL Reference Data Set version 2.36 (Mar 2012)
- esa.packages.bloomnsrl.src = nsrl_rds_md5-236.zip
- esa.packages.bloomnsrl.longDesc = The NSRL Reference Data Set version 2.36 (Mar 2012)
Then, repeat this entire process for each server in the Clearwell cluster.
After making the change, a services restart on each node is required. This can be done either via the Clearwell Utility, or from the Appliances system menu on the server.
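The backup-and-replace step and the cluster consistency warning above can be scripted so that every node ends up with a byte-identical bloom filter. The following PowerShell script is an added example, not part of the original article or any Symantec tooling. It assumes PowerShell 5 or later, that the downloaded archive contains a file named nsrl_rds_md5.bf, and that cluster members (the node names are hypothetical) expose the D$ administrative share.

```powershell
# Added example, not Symantec's code. Node names and use of the D$ admin share are assumptions.
param(
    [Parameter(Mandatory)] [string] $ZipPath,              # the downloaded archive, e.g. nsrl_rds_md5-236.zip
    [string]   $Target = 'D:\bloomnsrl\nsrl_rds_md5.bf',   # path given in the article
    [string[]] $ClusterNodes = @()                         # hypothetical names, e.g. 'cw-node1','cw-node2'
)
$ErrorActionPreference = 'Stop'
$leaf = Split-Path $Target -Leaf

# Unpack into a scratch folder and locate the bloom filter inside the archive.
$scratch = Join-Path $env:TEMP ("nsrl_" + [guid]::NewGuid().ToString('N'))
Expand-Archive -LiteralPath $ZipPath -DestinationPath $scratch
$new = Get-ChildItem -LiteralPath $scratch -Recurse -File -Filter $leaf | Select-Object -First 1
if (-not $new)          { throw "No $leaf found in $ZipPath" }
if ($new.Length -eq 0)  { throw "Extracted $leaf is empty; the download may be truncated" }

# Back up the current file under a timestamped name before overwriting it.
if (Test-Path -LiteralPath $Target) {
    $backup = "$Target.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
    Copy-Item -LiteralPath $Target -Destination $backup
    Write-Host "Backup written to $backup"
}
Copy-Item -LiteralPath $new.FullName -Destination $Target -Force

# Confirm the installed copy is byte-identical to the extracted one.
$expected = (Get-FileHash -LiteralPath $new.FullName -Algorithm SHA256).Hash
$actual   = (Get-FileHash -LiteralPath $Target -Algorithm SHA256).Hash
if ($actual -ne $expected) { throw "Hash mismatch after copy: $actual" }
Write-Host "Local bloom filter SHA256: $actual"

# Report any cluster member whose copy differs from the one just installed.
$relative = $Target -replace '^([A-Za-z]):', '$1$$'        # D:\... becomes D$\...
foreach ($node in $ClusterNodes) {
    $remote = "\\$node\$relative"
    if (-not (Test-Path -LiteralPath $remote)) {
        Write-Warning "$node : file not found at $remote"
        continue
    }
    $h = (Get-FileHash -LiteralPath $remote -Algorithm SHA256).Hash
    if ($h -eq $expected) { Write-Host "$node : matches" }
    else                  { Write-Warning "$node : differs ($h)" }
}
Remove-Item -LiteralPath $scratch -Recurse -Force
```

The script only handles the file on disk; the Property Browser changes and the services restart described above still have to be performed on each node.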
For additional information on the NSRL refer to http://www.nsrl.nist.gov/new.html.