From 8e0cd2ba376de951bbe05b559cce452ecc5c9bcb Mon Sep 17 00:00:00 2001
From: Marcel Kemp <marcel.kemp@wazuh.com>
Date: Mon, 4 Sep 2023 17:29:57 +0200
Subject: [PATCH] Update Debian OVAL URL for offline update

---
 .../offline-update.rst                        | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/source/user-manual/capabilities/vulnerability-detection/offline-update.rst b/source/user-manual/capabilities/vulnerability-detection/offline-update.rst
index e840f909fe..c3a508967f 100644
--- a/source/user-manual/capabilities/vulnerability-detection/offline-update.rst
+++ b/source/user-manual/capabilities/vulnerability-detection/offline-update.rst
@@ -62,7 +62,7 @@ Currently, the module fetches the Debian vulnerabilities from two different sour
 -  JSON feed with global information about the affected packages for each distribution.
 
 .. note::
-   
+
    Both sources are necessary for the proper functioning of the scanner. Below are the steps to configure each source for the offline update.
 
 Debian OVAL feed
@@ -70,13 +70,13 @@ Debian OVAL feed
 
 To perform an offline update of Debian OVAL feeds, you must download the appropriate files.
 
-+------------+-------------------------------------------------------------------------------------------------------+
-| OS         | Files                                                                                                 |
-+============+=======================================================================================================+
-| Bullseye   | `oval-definitions-bullseye.xml <https://www.debian.org/security/oval/oval-definitions-bullseye.xml>`_ |
-+------------+-------------------------------------------------------------------------------------------------------+
-| Buster     | `oval-definitions-buster.xml <https://www.debian.org/security/oval/oval-definitions-buster.xml>`_     |
-+------------+-------------------------------------------------------------------------------------------------------+
++------------+---------------------------------------------------------------------------------------------------------------+
+| OS         | Files                                                                                                         |
++============+===============================================================================================================+
+| Bullseye   | `oval-definitions-bullseye.xml.bz2 <https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2>`_ |
++------------+---------------------------------------------------------------------------------------------------------------+
+| Buster     | `oval-definitions-buster.xml.bz2 <https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2>`_     |
++------------+---------------------------------------------------------------------------------------------------------------+
 
 To update the vulnerability feed from a user-defined repository, use a configuration similar to the following.
 
@@ -84,8 +84,8 @@ To update the vulnerability feed from a user-defined repository, use a configura
 
    <provider name="debian">
       <enabled>yes</enabled>
-      <os url="http://local_repo/oval-definitions-bullseye.xml">bullseye</os>
-      <os url="http://local_repo/oval-definitions-buster.xml">buster</os>
+      <os url="http://local_repo/oval-definitions-bullseye.xml.bz2">bullseye</os>
+      <os url="http://local_repo/oval-definitions-buster.xml.bz2">buster</os>
       <update_interval>1h</update_interval>
    </provider>
 
@@ -95,8 +95,8 @@ To use a local feed file, add the ``path`` attribute accompanying the ``os`` opt
 
    <provider name="debian">
       <enabled>yes</enabled>
-      <os path="/local_path/oval-definitions-bullseye.xml">bullseye</os>
-      <os path="/local_path/oval-definitions-buster.xml">buster</os>
+      <os path="/local_path/oval-definitions-bullseye.xml.bz2">bullseye</os>
+      <os path="/local_path/oval-definitions-buster.xml.bz2">buster</os>
       <update_interval>1h</update_interval>
    </provider>
 
@@ -430,8 +430,8 @@ Sample Configuration
        <!-- Debian OS vulnerabilities -->
        <provider name="debian">
            <enabled>yes</enabled>
-           <os path="/local_path/oval-definitions-bullseye.xml">bullseye</os>
-           <os path="/local_path/oval-definitions-buster.xml">buster</os>
+           <os path="/local_path/oval-definitions-bullseye.xml.bz2">bullseye</os>
+           <os path="/local_path/oval-definitions-buster.xml.bz2">buster</os>
            <path>/local_path/security_tracker_local.json</path>
            <update_interval>1h</update_interval>
        </provider>