What Is Software and CVE Discovery?
Software Discovery is a feature that allows you to view the software running on any server, whether it is Linux or Windows-based.
CVE Discovery is a feature that allows you to view the vulnerabilities on any Linux server.
Linux Set-Up
To gather information on all the running services on a Linux server, you need to provide credentials for an account that is a member of the sudoers group, and SSH access on port 22 must be allowed from the Faddom server or proxy to the target servers.
Windows Set-Up
For Windows, if the Faddom server is installed from the Linux OVA, an additional proxy must be installed on an existing Windows server (see How to Setup the Faddom Proxy). Discovery also requires a user account with permissions to run the following WMI queries:
\ROOT\StandardCimv2 - SELECT * FROM MSFT_NetTCPConnection
\ROOT\CIMV2 - SELECT * FROM Win32_Process
Note: In order to use this, you may need to adjust your firewall rules as per the table below.

| Port Number | Port Assignment |
| --- | --- |
| 135 | DCE RPC Endpoint Manager |
| 49152-65535 | DCOM |
| 139 | NetBios Session Software |
| 445 | Microsoft Directory Softwares SMB |
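A pre-flight check for the Windows requirements above, meant to be run from the Windows server hosting the proxy before creating a discovery task. This is an added example, not Faddom's own code; the host name `target01.example.internal` is a placeholder, and it assumes the queries are reached over DCOM, as the firewall table implies.

```powershell
# Added example: verify firewall rules and WMI permissions for the discovery account.
# 'target01.example.internal' is a placeholder host name (assumption).
param(
    [string]$Target = 'target01.example.internal',
    [pscredential]$Credential = (Get-Credential -Message 'Discovery account')
)

# Fixed TCP ports from the firewall table. The dynamic DCOM range
# (49152-65535) is negotiated per call, so the queries below exercise it.
foreach ($port in 135, 139, 445) {
    $r = Test-NetConnection -ComputerName $Target -Port $port -WarningAction SilentlyContinue
    '{0,-6} {1}' -f $port, $(if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })
}

# The two WMI queries the discovery account must be allowed to run.
$queries = @(
    @{ Namespace = 'ROOT\StandardCimv2'; Query = 'SELECT * FROM MSFT_NetTCPConnection' },
    @{ Namespace = 'ROOT\CIMV2';         Query = 'SELECT * FROM Win32_Process' }
)

$session = $null
try {
    # Force DCOM so the check uses the RPC/DCOM ports rather than WinRM.
    $opt = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $Target -Credential $Credential `
        -SessionOption $opt -ErrorAction Stop
    foreach ($q in $queries) {
        try {
            $rows = @(Get-CimInstance -CimSession $session -Namespace $q.Namespace `
                -Query $q.Query -ErrorAction Stop)
            '{0}: OK ({1} rows)' -f $q.Query, $rows.Count
        } catch {
            # The account could not run this query on the target.
            '{0}: FAILED - {1}' -f $q.Query, $_.Exception.Message
        }
    }
} catch {
    "Could not open DCOM session to ${Target}: $($_.Exception.Message)"
} finally {
    if ($session) { Remove-CimSession -CimSession $session }
}
```

If both queries succeed with an account that is not a local administrator on the target, the discovery credentials can be kept to that lower privilege level.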
Select Settings > Software and CVE Discovery.
Click on New Task and you will be presented with the credentials screen.
Add New Host Credentials for the server(s) whose software you wish to see, then enter the credentials as well as the server type, highlighted in blue.
Click on the on the right-hand side, select the subnet(s) that you wish to run the discovery on and click Save. Faddom will scan all the servers it finds in the selected subnets and attempt to connect to each one with the provided credentials.
Below the discovery tasks table, you can set the schedule that determines when the software discovery will run.
If you have any issues running this feature, please see our guide Troubleshooting WMI Connections for Software or User Discovery.