Manage NVD, CWE, and Third-party data import

Vulnerability data can be imported from the NVD, CWE, or third parties and used to decide whether to escalate a vulnerability group. You can update NVD records on demand, or configure a scheduled job to update NVD or CWE records regularly. If needed, you can create third-party vulnerability entries manually. Vulnerability Response stores them under Libraries.

Vulnerable items in your system are grouped and usually managed in bulk, but they can also be managed individually. Each vulnerability is represented by a vulnerability entry in the library, from the NVD or a third-party source.

The following libraries are available:
  NVD: List of vulnerabilities from the NVD, including security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.
  CWE: List of community-developed software weakness types. Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations screen; it is for reference only.
  Third-party: List of third-party vulnerable software in your instance. Contains a related list of CVEs.
  Vulnerable Software: List of all vulnerable software in your instance.

Update NVD on-demand

You can update NVD repositories selectively.

Before you begin

Role required: sn_vul.admin

Procedure

  1. Navigate to Vulnerability > Administration > On-Demand Update.
  2. Select the check boxes for the repositories you want to update.
  3. Click Import.
    The Total entries, Last refreshed date, and Last import fields are updated.

What to do next

You can also configure a scheduled job to schedule updates. For example, the scheduled job could update the NVD records every Monday at 01:00.

Configure the scheduled job for updating NVD records

Identify the repositories that you want to update regularly, and then run a scheduled job to update NVD records nightly or weekly. You can also modify the integration script or write your own scripts, as needed.

Before you begin

If the NVD data feed you want to use for the scheduled job is not present, you can add it.

Roles required:
  • If you have the admin role, you can add repositories to the scheduled job.
  • If you have sn_vul.vulnerability_read, you can execute the scheduled job.
  • If you have sn_vul.vulnerability_write, you can edit the details of the scheduled job.

Procedure

  1. Navigate to Vulnerability > Administration > NVD Auto-Update.
  2. For each NVD repository that you want to update automatically, change the Automatically update field to true.
  3. Navigate to Vulnerability > Administration > Integrations.
  4. Select the NIST National Vulnerability Database scheduled job.
  5. Modify the fields as needed.
    Table 1. Vulnerability Integration form
    Name: The name of the scheduled job.
    Active: Whether the scheduled job is active. If you previously set up this job and then decided to use a different integration, clear this check box to deactivate the job.
    Run: The frequency at which you want the job to run. Subsequent fields are displayed or hidden based on your setting in this field.
    Day: The day you want the scheduled job to run. If you selected Weekly in the Run field, this field displays the days of the week. If you selected Monthly in the Run field, this field displays the days of the month.
    Time: The time you want the scheduled job to start.
    Integration script: The script for pulling data from the data sources in the Data Sources related list.
    Application: [Read only] The name of the application for which you are running the scheduled job.
    Repeat Interval: The number of days and hours before the scheduled job runs again. This field appears when Periodically is selected in the Run list.
    Starting: The date and time to start the periodic updates. This field appears when Periodically is selected in the Run list.
    Conditional: The check box to add conditional parameters.
    Condition: The conditions under which the scheduled job runs. This field appears when the Conditional check box is selected.
    Report processor strategy: The strategy for pulling data and processing the scheduled job.
    • If you have identified data sources and added them to the Data Sources related list, select Data Source Attachment to pull data from those data sources using the script in the Integration script field.
    • To select a custom processor in the Report processor field, select Custom Report Processor.
    Report processor: The script to execute when the scheduled job runs. This field appears when Custom Report Processor is selected in the Report processor strategy list.
    Processor factory script: The script that builds the report processor. This field appears when Custom Report Processor is selected in the Report processor strategy list.
  6. To save your changes, click Update.
  7. To run the scheduled job immediately, click Execute Now.
    Note: When the scheduled job runs and new records are downloaded to the NVD library, an email notification is sent to the members of the vulnerability response group.

Configure the scheduled job for updating CWE records

Use Common Weakness Enumeration (CWE) records, downloaded from the CWE database, for reference when deciding whether a vulnerability must be escalated. CWE records can be updated from the CWE database on a regular schedule. You can also modify the integration script or write your own scripts, as needed.

Before you begin

Roles required: sn_vul.admin
  • If you have the admin role, you can add repositories to the scheduled job.
  • If you have sn_vul.vulnerability_read, you can execute the scheduled job.
  • If you have sn_vul.vulnerability_write, you can edit the details of the scheduled job.

Each CWE record also includes an associated knowledge article that describes the weakness. You cannot escalate a vulnerability from the Common Weakness Enumerations page. This page is for reference only.

Procedure

  1. Navigate to Vulnerability > Administration > Integrations.
  2. Select the CWE Comprehensive 2000 Integration scheduled job.
  3. Modify the fields as needed.
    Table 2. Vulnerability Integration form
    Name: The name of the scheduled job.
    Active: Whether the scheduled job is active. If you do not want the job to run for a specific time period, you can set up the parameters you want to use and deactivate the job.
    Run: The frequency at which you want the job to run. Subsequent fields are displayed or hidden based on your setting in this field.
    Day: The day you want the scheduled job to run. If you selected Weekly in the Run field, this field displays the days of the week. If you selected Monthly in the Run field, this field displays the days of the month.
    Time: The time you want the scheduled job to start.
    Integration script: The script for pulling data from the data sources specified in the Data Sources related list.
    Application: [Read only] The name of the application for which you are running the scheduled job.
    Repeat Interval: The number of days and hours before the scheduled job runs again. This field appears when Periodically is selected in the Run list.
    Starting: The date and time to start the periodic updates. This field appears when Periodically is selected in the Run list.
    Conditional: The check box to add conditional parameters.
    Condition: The conditions under which the scheduled job runs. This field appears when the Conditional check box is selected.
    Report processor strategy: The strategy for pulling data and processing the scheduled job.
    • To pull data from the data sources in the Data Sources related list using the script in the Integration script field, select Data Source Attachment.
    • To select a custom processor in the Report processor field, select Custom Report Processor.
    Report processor: The script to execute when the scheduled job runs. This field appears when Custom Report Processor is selected in the Report processor strategy list.
    Processor factory script: The script that builds the report processor. This field appears when Custom Report Processor is selected in the Report processor strategy list.
  4. To save your changes, click Update.
  5. To run the scheduled job immediately, click Execute Now.
    As needed, you can view the vulnerability scan queue to see the progress of the data import.

Configure email notifications for NVD auto-updates

You can configure email notifications to be sent to interested parties, such as the vulnerability response group, when CVE records are updated. You can use the pre-configured notification included with the base system or modify it to better suit your needs.

Before you begin

If you want, you can create an email template with rich HTML formatting. This task is optional, but it can make the creation of future notifications easier.

Role required: admin

Procedure

  1. Navigate to Vulnerability > Administration > Notifications.
  2. Open the New CVEs available notification record.
    The notification is pre-configured to automatically send email notifications to the Vulnerability Response group whenever new CVE items are downloaded to the NVD library. The email message text is populated using the new.CVEs.available email template.
  3. Modify the fields as needed.

Add new NVD data feeds

If the NVD releases a new annual, modified, or recent feed, you can add it to your instance as needed.

Before you begin

Role required: sn_vul.vulnerability_admin

Procedure

  1. Navigate to Vulnerability > Administration > NVD Auto-Update.
  2. Click New.
  3. Fill in the fields, as needed.
    Table 3. NVD Data Feeds form
    Display name: Enter the name for the data feed.
    Total entries: Auto-filled with the total number of entries imported when this NVD data feed is updated.
    Last refreshed: Auto-filled with the date of the last import when this NVD data feed is updated.
    State: Auto-filled when this NVD data feed is updated.
    Percent complete: Auto-filled with the percentage of the import completed when this NVD data feed is updated.
    Automatically update: Select this check box to enable automatic updates of this data feed by the scheduled job.
    URL: Enter the URL for the data feed. For example: https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2016.xml.zip.
  4. Click Submit.
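As an added example (not part of the ServiceNow documentation or product), the following JavaScript check validates an NVD data feed URL before it is entered in the URL field above: it accepts only HTTPS URLs on nvd.nist.gov whose file name matches the annual feed pattern shown in the example, and classifies the feed type. The Modified and Recent file names, the helper names, and the suggested display-name format are assumptions, not values from the page.

```javascript
const TRUSTED_HOST = 'nvd.nist.gov';
// Assumed feed file names: nvdcve-2.0-<year>.xml.zip (annual), nvdcve-2.0-Modified.xml.zip, nvdcve-2.0-Recent.xml.zip.
const FEED_FILE = /^nvdcve-2\.0-(\d{4}|Modified|Recent)\.xml\.zip$/;

// Validate a candidate feed URL and classify it; returns { ok: false, reason } or { ok: true, type, year?, fileName }.
function classifyNvdFeed(feedUrl) {
  let parsed;
  try {
    parsed = new URL(feedUrl);
  } catch (e) {
    return { ok: false, reason: 'not a valid URL' };
  }
  // The imported data drives escalation decisions, so only accept TLS-protected
  // downloads from the NVD host: plain HTTP and look-alike hosts are rejected.
  if (parsed.protocol !== 'https:') {
    return { ok: false, reason: 'feed must use https' };
  }
  if (parsed.hostname.toLowerCase() !== TRUSTED_HOST) {
    return { ok: false, reason: 'unexpected host ' + parsed.hostname };
  }
  const fileName = parsed.pathname.split('/').pop();
  const m = FEED_FILE.exec(fileName);
  if (!m) {
    return { ok: false, reason: 'unrecognised feed file name ' + fileName };
  }
  const tag = m[1];
  if (tag === 'Modified' || tag === 'Recent') {
    return { ok: true, type: tag.toLowerCase(), fileName: fileName };
  }
  return { ok: true, type: 'annual', year: Number(tag), fileName: fileName };
}

// Suggest a Display name for the NVD Data Feeds form from the classification (null if the URL is rejected).
function suggestDisplayName(feedUrl) {
  const info = classifyNvdFeed(feedUrl);
  if (!info.ok) return null;
  return info.type === 'annual' ? 'NVD CVE ' + info.year : 'NVD CVE ' + info.type;
}

// Constructed sample inputs: a valid annual feed, a plain-HTTP URL, and a look-alike host.
const samples = [
  'https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2016.xml.zip',
  'http://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-Modified.xml.zip',
  'https://nvd.nist.gov.example.com/feeds/xml/cve/2.0/nvdcve-2.0-Recent.xml.zip',
];
samples.forEach(function (s) { console.log(s, '=>', JSON.stringify(classifyNvdFeed(s))); });
```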