Skip to main content

National Vulnerability Database

This Integration is part of the National Vulnerability Database Feed Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

CVE feed from the National Vulnerability Database This integration was integrated and tested with version 1.0 of National Vulnerability Database API

Configure National Vulnerability Database on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for National Vulnerability Database.

  3. Click Add instance to create and configure a new integration instance.

    API KeyFalse
    Feed TypeTrue
    CPE Match StringFilter CVEs based on the affected products. For example: cpe:2.3⭕microsoft:windows_10 to match all Windows 10. cpe:2.3:*:microsoft for all MicrosoftFalse
    KeywordRetrieve CVEs where a word or phrase is found in the CPE title or reference links.False
    CVSS V2 MetricsFilter CVEs based on CVSS V2 vector strings. See for more information.False
    CVSS V2 SeverityFilter CVEs based on their CVSS V2 Severity rating.False
    CVSS V3 MetricsFilter CVEs based on CVSS V3 vector strings. See for more information.False
    CVSS V3 SeverityFilter CVEs based on their CVSS V3 Severity rating.False
    HistoryHow many days in history to go back and collect.False
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
    Fetch indicatorsFalse
    Indicator ReputationIndicators from this integration instance will be marked with this reputationFalse
    Source ReliabilityReliability of the source providing the intelligence dataTrue
    Feed Fetch IntervalFalse
    Bypass exclusion listWhen selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.False
    TagsSupports CSV values.False
    Traffic Light Protocol ColorThe Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feedFalse
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Retrieves CVEs from NVD

Base Command#



Argument NameDescriptionRequired

Context Output#

CPE.cpe23UrilStringThis element identifies a CPE by the CPE 2.3 Naming specification
CPE.titlesUnknownThis element contains the human-readable, English title for the CPE.