Import CVRF data from advisories by configuring the vendor URL with import type as API.

Before you begin

Role required: sn_vul.vulnerability_admin, sn_vul.admin (deprecated), or admin

About this task

When the integration runs, the advisories are fetched. The CVRF URL and advisories ID are extracted from the payload. The REST API calls are made for each CVRF URL, and data is parsed and stored in the sn_vul_solution table.

Procedure

  1. Navigate to Vulnerability Response > Administration > Setup Assistant > Integration Configuration > Solution Integrations > Common Vulnerability Response Framework.
  2. Click Add Integration.
  3. On the form, fill in the fields.
    Table 1. Import solution advisories form
    Field Description
    Import type Option to select the import type. Select API.
    Name Unique name for the integration.
    Vendor Name of the vendor.
    Note: The Source field of the solutions is populated with the Vendor name.
    Connection alias Option to select an authenticated credential.
    Note: The sys_alias table stores credentials and the base URL for advisories.
    Schedule Frequency at which the data must be updated.
    Day Day of the week when you want the data to get updated.
    Time Time of the week when you want the data to get updated.
    API Configuration
    Flow Option to select the flow.

    The flow gets triggered when the scheduler gets executed. The flow takes care of parsing advisories and extracts the CVRF URL and stores those details in the update tables. You can copy the existing flow and edit as required. For example, you can make changes related to pagination.
    Flow action Option to select the flow action.

    Flow actions take care of the sliding window capability. You can update the flow actions and add the query parameter directly to the action by dragging.
    Mapping Table Option to select the mapping table.

    The record of the Enrichment Data Mapping Table is used for extracting the CVRF URL and Advisory ID from the payload of advisories.
    Advisories from response Option to enter the tag name from the payload of advisories from where the list of advisories can be extracted.
    Filter Criteria
    Time range parameters Option to select the time range for the request and the date format for API calls.

    Start Date/End Date Request parameter is the parameter name used for start date and end date during API calls. For example, StartDate, start_date, endDate, end_date.
    Date format Option to enter the date format, such as, mm/dd/yyyy..

    The date format is the format that the API needs for filtering. Formats that are not supported by GlideDate do not work.
    Initial range in days Enter the days for which the data must be fetched when the scheduler is first executed.
    For subsequent runs, the sliding window mechanism is followed.
    Note: If you do not want to select a time range, select No Parameters.
    Scanner mappings
    Scanner Source Option to select the source of the third-party entry (TPE).
    Vulnerability column Option to select the keyword.
    Keywords Option to enter the keyword for searching the selected vulnerability column.
  4. Click Finish.