We recently loaded NCM 7.4 with hopes of using the tool to help automate reporting of potential security vulnerabilities in our Cisco IOS devices.
While the framework in NCM looks great, the source of data (CVEs) is lacking - in that it appears to only look at major releases, i.e... 12.2, 12.4, but does not take into account the minor release info, i.e... 12.4(24)T4.
What I end up with is a report of my 300 devices, with hundreds of "potential" vulnerabilities - even though the IOS is a current release.
What I am curious is if Solarwinds will be enhancing the NCM product in order to obtain more detailed vulnerability reporting capabilities through the use of CVRF files.
Thanks in advance for your response!