National Vulnerability Database
This Integration is part of the National Vulnerability Database Feed Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
CVE feed from the National Vulnerability Database This integration was integrated and tested with version 1.0 of National Vulnerability Database API
Configure National Vulnerability Database in Cortex#
| Parameter | Description | Required |
|---|---|---|
| API Key | False | |
| Feed Type | True | |
| CPE Match String | Filter CVEs based on the affected products. For example: cpe:2.3⭕microsoft:windows_10 to match all Windows 10. cpe:2.3:*:microsoft for all Microsoft | False |
| Keyword | Retrieve CVEs where a word or phrase is found in the CPE title or reference links. | False |
| CVSS V2 Metrics | Filter CVEs based on CVSS V2 vector strings. See https://nvd.nist.gov/developers/vulnerabilities for more information. | False |
| CVSS V2 Severity | Filter CVEs based on their CVSS V2 Severity rating. | False |
| CVSS V3 Metrics | Filter CVEs based on CVSS V3 vector strings. See https://nvd.nist.gov/developers/vulnerabilities for more information. | False |
| CVSS V3 Severity | Filter CVEs based on their CVSS V3 Severity rating. | False |
| History | How many days in history to go back and collect. | False |
| Trust any certificate (not secure) | False | |
| Use system proxy settings | False | |
| Fetch indicators | False | |
| Indicator Reputation | Indicators from this integration instance will be marked with this reputation | False |
| Source Reliability | Reliability of the source providing the intelligence data | True |
| False | ||
| Feed Fetch Interval | False | |
| False | ||
| Bypass exclusion list | When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. | False |
| Tags | Supports CSV values. | False |
| Traffic Light Protocol Color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed | False |
Commands#
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
nvd-get-indicators#
Retrieves CVEs from NVD
Base Command#
nvd-get-indicators
Input#
| Argument Name | Description | Required |
|---|
Context Output#
| Path | Type | Description |
|---|---|---|
| CPE.cpe23Uril | String | This element identifies a CPE by the CPE 2.3 Naming specification |
| CPE.titles | Unknown | This element contains the human-readable, English title for the CPE. |