Import CSAF data by configuring the vendor URL in the Setup Assistant.

Before you begin

Role required: sn_vul.vulnerability_admin, sn_vul.admin (deprecated), or admin

About this task

When the integration runs, data is fetched from the URL and parsed. The data is then stored in the sn_vul_solution table, with the vendor name as the source.
Note: The URL can either be a direct CSAF payload, which contains the advisory details, or a Resource-Oriented Lightweight Information Exchange (ROLIE) Feed URL. In either case, the payload is parsed accordingly and the solution records are created. Complete the following steps for CSAF URL import.

You can also import vulnerability solutions from CSAF Aggregators or Trusted Providers through a URL import that supports ROLIE Feed. These vulnerability solutions are automatically mapped to the correct vendor and vulnerable items (VITs) based on the Common Vulnerabilities and Exposures (CVEs).

Scanner mapping isn't applicable for National Vulnerability Database (NVD) based vulnerabilities, which are vulnerabilities with a Common Vulnerabilities and Exposures (CVE) entry in the NVD.

If you only have one highest superseding solution and it rolls down to the vulnerable items, then the preferred solution gets populated. When there are multiple vendor solutions included in one NVD entry, the preferred solution isn't populated because there's more than one highest superseding solution. In this case, you must manually select a solution. For third-party vulnerabilities, the preferred solution gets populated only if you add the corresponding scanner mapping.

Procedure

  1. Navigate to Vulnerability Response > Administration > Setup Assistant > Integration Configuration > Solution Integrations > Common Security Advisory Framework.
  2. Select Add Integration.
  3. On the form, fill in the fields.
    Table 1. Import CSAF form

    | Field | Description |
    | --- | --- |
    | Import type | Type of import. Select URL. |
    | Name | Unique name for the integration. |
    | Single vendor | Select this option if you are importing CSAF from one vendor. |
    | Vendor | Name of the vendor. This field is only available if you select Single vendor. Note: The Source field of the solutions is populated with the Vendor name. |
    | Multi Vendor | Select this option if you are importing CSAF from multiple vendors. |
    | Aggregator | A trusted provider whose solution you can import. |
    | URL | URL from which you want to fetch the solution data in the CSAF format. |
    | Schedule | Frequency at which the data must be updated. Note: If the status tag of CSAF shows “FINAL”, then the field is automatically set to On Demand to prevent unnecessary runs. |
    | Day | Day of the week when you want the data to get updated. |
    | Time | Time of the week when you want the data to get updated. |
    | Scanner Mappings | Note: The Scanner Mappings section is optional for CSAF. |
    | Scanner source | Option to select the source of the third-party entry (TPE). |
    | Vulnerability column | Option to select the keyword. |
    | Keywords | Option to enter the keyword for searching the selected vulnerability column. |
  4. Select Finish.
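
A pre-check for the value you plan to enter in the URL field, as an added example that is not ServiceNow code: it classifies a fetched body as a direct CSAF payload or a ROLIE feed (the two cases the note under "About this task" distinguishes) and reports the CVEs and tracking status that drive the mapping and schedule behavior described above. The function name, the sample documents and the `https` filter are assumptions of this example; the JSON field names follow the CSAF 2.0 schema.

```python
import json
from urllib.parse import urlparse

def inspect_payload(text):
    """Classify a fetched body as a CSAF document or a ROLIE feed and summarize it."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("top-level JSON value is not an object")
    feed = data.get("feed")
    if isinstance(feed, dict):
        # ROLIE feed: each entry points at one advisory through content.src.
        urls, rejected = [], []
        for entry in feed.get("entry", []):
            src = (entry.get("content") or {}).get("src", "")
            # Assumed policy for this example: keep only TLS-served advisories.
            target = urls if urlparse(src).scheme == "https" else rejected
            target.append(src)
        return {"kind": "rolie", "advisory_urls": urls, "rejected": rejected}
    doc = data.get("document")
    if isinstance(doc, dict) and "csaf_version" in doc:
        tracking = doc.get("tracking", {})
        status = tracking.get("status", "")
        # CVE ids are what the vulnerability solutions are matched on.
        cves = sorted({v["cve"] for v in data.get("vulnerabilities", []) if "cve" in v})
        return {"kind": "csaf", "publisher": doc.get("publisher", {}).get("name"),
                "tracking_id": tracking.get("id"), "status": status,
                # A final advisory no longer changes, so a recurring schedule adds nothing.
                "final": status.lower() == "final", "cves": cves}
    raise ValueError("neither a CSAF document nor a ROLIE feed")

# Constructed samples (placeholder vendor, ids and URLs; not real advisories).
SAMPLE_CSAF = json.dumps({
    "document": {"csaf_version": "2.0", "category": "csaf_security_advisory",
                 "publisher": {"name": "Example Vendor"},
                 "tracking": {"id": "EXAMPLE-SA-0001", "status": "final"}},
    "vulnerabilities": [{"cve": "CVE-0000-0002"}, {"cve": "CVE-0000-0001"},
                        {"title": "issue without a CVE"}],
})
SAMPLE_ROLIE = json.dumps({"feed": {"id": "example-feed", "entry": [
    {"id": "EXAMPLE-SA-0001", "content": {"type": "application/json",
     "src": "https://csaf.example.com/2024/example-sa-0001.json"}},
    {"id": "EXAMPLE-SA-0002", "content": {"type": "application/json",
     "src": "http://csaf.example.com/2024/example-sa-0002.json"}},
]}})

if __name__ == "__main__":
    for body in (SAMPLE_CSAF, SAMPLE_ROLIE):
        print(inspect_payload(body))
```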