Supported Cortex XSOAR versions: 6.0.0 and later.
CVE feed from the National Vulnerability Database This integration was integrated and tested with version 1.0 of National Vulnerability Database API
Navigate to Settings > Integrations > Servers & Services.
Search for National Vulnerability Database.
Click Add instance to create and configure a new integration instance.
Parameter Description Required API Key False Feed Type True CPE Match String Filter CVEs based on the affected products. For example: cpe:2.3⭕microsoft:windows_10 to match all Windows 10. cpe:2.3:*:microsoft for all Microsoft False Keyword Retrieve CVEs where a word or phrase is found in the CPE title or reference links. False CVSS V2 Metrics Filter CVEs based on CVSS V2 vector strings. See https://nvd.nist.gov/developers/vulnerabilities for more information. False CVSS V2 Severity Filter CVEs based on their CVSS V2 Severity rating. False CVSS V3 Metrics Filter CVEs based on CVSS V3 vector strings. See https://nvd.nist.gov/developers/vulnerabilities for more information. False CVSS V3 Severity Filter CVEs based on their CVSS V3 Severity rating. False History How many days in history to go back and collect. False Trust any certificate (not secure) False Use system proxy settings False Fetch indicators False Indicator Reputation Indicators from this integration instance will be marked with this reputation False Source Reliability Reliability of the source providing the intelligence data True False Feed Fetch Interval False False Bypass exclusion list When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. False Tags Supports CSV values. False Traffic Light Protocol Color The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed False
Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Retrieves CVEs from NVD
|CPE.cpe23Uril||String||This element identifies a CPE by the CPE 2.3 Naming specification|
|CPE.titles||Unknown||This element contains the human-readable, English title for the CPE.|