Assets may be associated to one or more CPE names. This information may be used to find reported vulnerabilities.

See https://www.ar-tools.com/doc/


The CPE dictionary of names is constantly evolving. Download an updated version from here:

https://nvd.nist.gov/download.cfm


In PILAR you may use NIST names, or any string according to your naming policy.


A screenshot of a computer??Description automatically generated


Top left 

Controls the level of expansion of the left tree (assets).

CPEs

Select one or more assets on the left. Click CPEs, and PILAR will select the associated CPE names on the right tree.


Top right 

Controls the level of expansion of the right tree (CPE names).

ASSETS

Select one or more CPE names on the right. Click ASSETS, and PILAR will select the associated assets on the left tree.


Bottom 


DOMAIN

To select the assets associated to a given security domain

SOURCE

To select the assets associated to a given information source

ASSOC

Select one or more assets on the left. Select one or more CPE names on the right. Click ASSOC to associate.

DISSOC

Select one or more assets on the left. Select one or more CPE names on the right. Click DISSOC to dissociate.

NEW

Create a new CPE name; either from NIST catalogue or your own

LOAD

Loads a list of names from a local file. 

File is plain text, one name per line.


To associate a name to an asset

  • select one or more assets on the left panel
  • select one or more names on the right panel
  • click ASSOC


To dissociate a name from an asset

  • select the name to remove
  • click DISSOC


To select the names associated to an asset

  • select one or more assets on the left panel
  • click CPE names


To select the assets associated to a name

  • select one or more names on the right panel
  • click ASSETS


To search for an asset or a CPE name

  • CTRL-F on the appropriate panel