The National Vulnerability Database (NVD) uses Common Platform Enumeration (CPE) identifiers to represent information technology systems, software, and packages. Whenever an identifier is brought into RiskVision, such as from a vulnerability scanner, with identifiers that differ from the NVD identifiers, RiskVision treats these technologies as non-validated technologies. Before these non-validated identifiers can be mapped to a technology, you will first need to review them.
To review non-validated technologies:
- Open Threat and Vulnerability Manager.
- Go to Technologies > All Technologies.
- Click Review Non Validated Technologies. The technologies with validated flag 'No' will appear.
- Click a technology to open its details page.
- Click Edit in the upper right-hand corner of the window.
- Click the General tab.
- Click Yes next to the Validated option.
- Click Save.