National Vulnerability Database

This Integration is part of the National Vulnerability Database Feed Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

CVE feed from the National Vulnerability Database This integration was integrated and tested with version 1.0 of National Vulnerability Database API

Configure National Vulnerability Database on Cortex XSOAR

1. Navigate to Settings > Integrations > Servers & Services.

2. Search for National Vulnerability Database.

3. Click Add instance to create and configure a new integration instance.

   Parameter	Description	Required
   API Key		False
   Feed Type		True
   CPE Match String	Filter CVEs based on the affected products. For example: cpe:2.3⭕microsoft:windows_10 to match all Windows 10. cpe:2.3:*:microsoft for all Microsoft	False
   Keyword	Retrieve CVEs where a word or phrase is found in the CPE title or reference links.	False
   CVSS V2 Metrics	Filter CVEs based on CVSS V2 vector strings. See https://nvd.nist.gov/developers/vulnerabilities for more information.	False
   CVSS V2 Severity	Filter CVEs based on their CVSS V2 Severity rating.	False
   CVSS V3 Metrics	Filter CVEs based on CVSS V3 vector strings. See https://nvd.nist.gov/developers/vulnerabilities for more information.	False
   CVSS V3 Severity	Filter CVEs based on their CVSS V3 Severity rating.	False
   History	How many days in history to go back and collect.	False
   Trust any certificate (not secure)		False
   Use system proxy settings		False
   Fetch indicators		False
   Indicator Reputation	Indicators from this integration instance will be marked with this reputation	False
   Source Reliability	Reliability of the source providing the intelligence data	True
   		False
   Feed Fetch Interval		False
   		False
   Bypass exclusion list	When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.	False
   Tags	Supports CSV values.	False
   Traffic Light Protocol Color	The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed	False

4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

nvd-get-indicators

---

Retrieves CVEs from NVD

Base Command

nvd-get-indicators

Input

Argument Name	Description	Required

Context Output

Path	Type	Description
CPE.cpe23Uril	String	This element identifies a CPE by the CPE 2.3 Naming specification
CPE.titles	Unknown	This element contains the human-readable, English title for the CPE.