The NIST National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables the automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
This document provides information about the NIST National Vulnerability Database Connector, which facilitates automated interactions with a NIST National Vulnerability Database server using FortiSOAR™ playbooks. Add the NIST National Vulnerability Database Connector as a step in FortiSOAR™ playbooks and perform automated operations with NIST National Vulnerability Database.
Connector Version: 1.0.1
Authored By: Fortinet
Certified: No
The following enhancements have been made to the NIST National Vulnerability Database Connector in version 1.0.1:
Filter by CVE ID
Use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-nist-nvd
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the NIST National Vulnerability Database connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | The URL of the NIST NVD server to which you will connect and perform the automated operations. |
API Key | The API key used to access the NIST NVD server to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:
Function | Description | Annotation and Category |
---|---|---|
Get Specific CVE ID Details | Retrieves the details of a specific vulnerability based on the Common Vulnerabilities and Exposures Identifier (CVE ID) you have specified. | get_specific_cve_details Investigation |
Advance CVE Search | Retrieves a list of CVE IDs based on the filter criteria you have specified. | advance_cve_search Investigation |
CVE Search by Keywords | Retrieves CVEs from the National Vulnerability Database (NVD) based on the keywords you have specified. | cve_search_by_keywords Investigation |
Get CVE Change History | Retrieves information on changes made to a CVE based on the CVE ID and Change Event type you have specified. | get_cve_change_history Investigation |
CPE Search | Retrieves information about the Common Platform Enumeration (CPE) records from the official CPE Dictionary in the National Vulnerability Database (NVD) based on the CPE Name ID you have specified. | cpe_search Investigation |
Parameter | Description |
---|---|
CVE ID | Specify the CVE ID to retrieve its details from the National Vulnerability Database (NVD). |
The output contains the following populated JSON schema:
{
"format": "",
"version": "",
"timestamp": "",
"startIndex": "",
"totalResults": "",
"resultsPerPage": "",
"vulnerabilities": [
{
"cve": {
"id": "",
"metrics": {
"cvssMetricV2": [
{
"type": "",
"source": "",
"cvssData": {
"version": "",
"baseScore": "",
"accessVector": "",
"vectorString": "",
"authentication": "",
"integrityImpact": "",
"accessComplexity": "",
"availabilityImpact": "",
"confidentialityImpact": ""
},
"acInsufInfo": "",
"impactScore": "",
"baseSeverity": "",
"obtainAllPrivilege": "",
"exploitabilityScore": "",
"obtainUserPrivilege": "",
"obtainOtherPrivilege": "",
"userInteractionRequired": ""
}
],
"cvssMetricV31": [
{
"type": "",
"source": "",
"cvssData": {
"scope": "",
"version": "",
"baseScore": "",
"attackVector": "",
"baseSeverity": "",
"vectorString": "",
"integrityImpact": "",
"userInteraction": "",
"attackComplexity": "",
"availabilityImpact": "",
"privilegesRequired": "",
"confidentialityImpact": ""
},
"impactScore": "",
"exploitabilityScore": ""
}
]
},
"published": "",
"references": [
{
"url": "",
"tags": [],
"source": ""
}
],
"vulnStatus": "",
"weaknesses": [
{
"type": "",
"source": "",
"description": [
{
"lang": "",
"value": ""
}
]
}
],
"descriptions": [
{
"lang": "",
"value": ""
}
],
"lastModified": "",
"configurations": [
{
"nodes": [
{
"negate": "",
"cpeMatch": [
{
"criteria": "",
"vulnerable": "",
"matchCriteriaId": "",
"versionEndExcluding": ""
}
],
"operator": ""
}
]
}
],
"sourceIdentifier": ""
}
}
]
}
Parameter | Description |
---|---|
Filter By CVE ID | Select this checkbox to retrieve CVEs associated with a specific Common Vulnerabilities and Exposures Identifier (CVE ID) from the National Vulnerability Database (NVD). Specify the following details after selecting this checkbox: |
Filter by CPE Name | Select this checkbox to retrieve CVEs associated with a specific Common Platform Enumeration (CPE) from the National Vulnerability Database (NVD). Specify the following details after selecting this checkbox: |
Filter By CWE ID | Select this checkbox to retrieve CVEs associated with a specific Common Weakness Enumeration (CWE) ID from the National Vulnerability Database (NVD). Specify the CWE ID after selecting this checkbox: |
Filter By CVSSv2 Metrics | Select this checkbox to retrieve CVEs associated with a specified CVSSv2 string from the National Vulnerability Database (NVD). Specify the following details after selecting this checkbox: |
Filter By CVSSv3 Metrics | Select this checkbox to retrieve CVEs associated with a specified CVSSv3 string from the National Vulnerability Database (NVD). Specify the following details after selecting this checkbox: |
Use Search Flags | Select from the following available options to retrieve CVEs associated with the selected search flags: |
Filter By Publish Date | Select this checkbox to retrieve a CVE list that was published to the NVD during the specified period. |
Filter By Last Modified Date | Select this checkbox to retrieve a CVE list that was modified in the NVD during the specified period. If you choose 'true' |
Page Index | (Optional) Specify the count of the first few records to skip while retrieving the response. |
Page Size | (Optional) Specify the maximum number of results to get in the resulting output. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"format": "",
"version": "",
"timestamp": "",
"startIndex": "",
"totalResults": "",
"resultsPerPage": "",
"vulnerabilities": [
{
"cve": {
"id": "",
"metrics": {
"cvssMetricV2": [
{
"type": "",
"source": "",
"cvssData": {
"version": "",
"baseScore": "",
"accessVector": "",
"vectorString": "",
"authentication": "",
"integrityImpact": "",
"accessComplexity": "",
"availabilityImpact": "",
"confidentialityImpact": ""
},
"acInsufInfo": "",
"impactScore": "",
"baseSeverity": "",
"obtainAllPrivilege": "",
"exploitabilityScore": "",
"obtainUserPrivilege": "",
"obtainOtherPrivilege": "",
"userInteractionRequired": ""
}
],
"cvssMetricV31": [
{
"type": "",
"source": "",
"cvssData": {
"scope": "",
"version": "",
"baseScore": "",
"attackVector": "",
"baseSeverity": "",
"vectorString": "",
"integrityImpact": "",
"userInteraction": "",
"attackComplexity": "",
"availabilityImpact": "",
"privilegesRequired": "",
"confidentialityImpact": ""
},
"impactScore": "",
"exploitabilityScore": ""
}
]
},
"published": "",
"references": [
{
"url": "",
"tags": [],
"source": ""
}
],
"vulnStatus": "",
"weaknesses": [
{
"type": "",
"source": "",
"description": [
{
"lang": "",
"value": ""
}
]
}
],
"descriptions": [
{
"lang": "",
"value": ""
}
],
"lastModified": "",
"configurations": [
{
"nodes": [
{
"negate": "",
"cpeMatch": [
{
"criteria": "",
"vulnerable": "",
"matchCriteriaId": "",
"versionEndExcluding": ""
}
],
"operator": ""
}
]
}
],
"sourceIdentifier": ""
}
}
]
}
Parameter | Description |
---|---|
Keyword(s) | Specify the keywords to search for in the CVE's description and return the CVEs that match all the keywords specified. |
Page Index | (Optional) Specify the count of the first few records to skip while retrieving the response. |
Page Size | (Optional) Specify the maximum number of results to get in the resulting output. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"format": "",
"version": "",
"timestamp": "",
"startIndex": "",
"totalResults": "",
"resultsPerPage": "",
"vulnerabilities": [
{
"cve": {
"id": "",
"metrics": {
"cvssMetricV2": [
{
"type": "",
"source": "",
"cvssData": {
"version": "",
"baseScore": "",
"accessVector": "",
"vectorString": "",
"authentication": "",
"integrityImpact": "",
"accessComplexity": "",
"availabilityImpact": "",
"confidentialityImpact": ""
},
"acInsufInfo": "",
"impactScore": "",
"baseSeverity": "",
"obtainAllPrivilege": "",
"exploitabilityScore": "",
"obtainUserPrivilege": "",
"obtainOtherPrivilege": "",
"userInteractionRequired": ""
}
]
},
"published": "",
"references": [
{
"url": "",
"tags": [],
"source": ""
}
],
"vulnStatus": "",
"weaknesses": [
{
"type": "",
"source": "",
"description": [
{
"lang": "",
"value": ""
}
]
}
],
"descriptions": [
{
"lang": "",
"value": ""
}
],
"lastModified": "",
"configurations": [
{
"nodes": [
{
"negate": "",
"cpeMatch": [
{
"criteria": "",
"vulnerable": "",
"matchCriteriaId": ""
}
],
"operator": ""
}
]
}
],
"sourceIdentifier": ""
}
}
]
}
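Added example, not part of the connector or its documentation: a Python helper that turns the output of the three CVE operations above into a triage list. It prefers the cvssMetricV31 entry, falls back to cvssMetricV2 when v3.1 is absent (as in the keyword-search schema), reads baseSeverity from where each version keeps it, and keeps unscored CVEs at the end instead of dropping them. The sample response, its CVE IDs and CPE names are constructed placeholders; the "Primary"/"Secondary" type values are NVD's, not listed on this page.

```python
import json

# Constructed response in the shape of the schemas above; the CVE IDs, scores
# and CPE names are placeholders, not real NVD records.
SAMPLE = json.loads("""
{"totalResults": 3, "vulnerabilities": [
 {"cve": {"id": "CVE-0000-00001", "vulnStatus": "Analyzed", "metrics": {
    "cvssMetricV2": [{"type": "Primary", "baseSeverity": "HIGH",
                      "cvssData": {"version": "2.0", "baseScore": 7.5}}],
    "cvssMetricV31": [
      {"type": "Secondary", "cvssData": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH"}},
      {"type": "Primary", "cvssData": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}]},
   "weaknesses": [{"type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}],
   "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [
      {"vulnerable": true, "criteria": "cpe:2.3:a:example:app:*:*:*:*:*:*:*:*",
       "versionEndExcluding": "2.0"},
      {"vulnerable": false, "criteria": "cpe:2.3:o:example:os:*:*:*:*:*:*:*:*"}]}]}]}},
 {"cve": {"id": "CVE-0000-00002", "vulnStatus": "Modified", "metrics": {
    "cvssMetricV2": [{"type": "Primary", "baseSeverity": "MEDIUM",
                      "cvssData": {"version": "2.0", "baseScore": "5.0"}}]}}},
 {"cve": {"id": "CVE-0000-00003", "vulnStatus": "Awaiting Analysis", "metrics": {}}}
]}
""")


def pick_cvss(metrics):
    """Return the best available score: v3.1 first, then v2, else None."""
    for key in ("cvssMetricV31", "cvssMetricV2"):
        entries = (metrics or {}).get(key) or []
        if not entries:
            continue
        # Prefer NVD's own ("Primary") assessment over a secondary source.
        entry = next((e for e in entries if e.get("type") == "Primary"), entries[0])
        data = entry.get("cvssData") or {}
        try:
            score = float(data.get("baseScore"))
        except (TypeError, ValueError):
            continue  # empty or malformed score: try the next CVSS version
        # v3.1 keeps baseSeverity inside cvssData; v2 keeps it beside cvssData.
        severity = data.get("baseSeverity") or entry.get("baseSeverity") or "UNKNOWN"
        return {"version": data.get("version"), "score": score, "severity": severity}
    return None


def vulnerable_cpes(cve):
    """List (criteria, versionEndExcluding) for cpeMatch rows marked vulnerable."""
    found = []
    for config in cve.get("configurations") or []:
        for node in config.get("nodes") or []:
            for match in node.get("cpeMatch") or []:
                if match.get("vulnerable") is True:
                    found.append((match.get("criteria"), match.get("versionEndExcluding")))
    return found


def summarize(response):
    """Flatten a connector response into rows sorted for triage."""
    rows = []
    for item in response.get("vulnerabilities") or []:
        cve = item.get("cve") or {}
        cwes = sorted({d["value"] for w in cve.get("weaknesses") or []
                       for d in w.get("description") or [] if d.get("value")})
        rows.append({"id": cve.get("id"), "status": cve.get("vulnStatus"),
                     "cvss": pick_cvss(cve.get("metrics")),
                     "cwes": cwes, "cpes": vulnerable_cpes(cve)})
    # Scored CVEs first, highest score first; unscored ones stay visible at the end.
    rows.sort(key=lambda r: (r["cvss"] is None, -(r["cvss"] or {}).get("score", 0.0)))
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

A CVE with no metrics (for example one still awaiting analysis) comes back with `cvss` set to None, so a playbook can route it to manual review rather than treating it as low severity.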
Parameter | Description |
---|---|
CVE ID | (Optional) Specify the CVE ID to get the complete change history for a specific vulnerability identified by its unique Common Vulnerabilities and Exposures identifier (CVE ID). |
Change Event Type | Select one of the following options to retrieve all CVEs associated with the specified change event type. |
Filter By Change Date | Select this checkbox to retrieve a CVE list where CVEs were changed in the NVD during the specified period. If you choose 'true' |
Page Index | (Optional) Specify the count of the first few records to skip while retrieving the response. |
Page Size | (Optional) Specify the maximum number of results to get in the resulting output. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"resultsPerPage": "",
"startIndex": "",
"totalResults": "",
"format": "",
"version": "",
"timestamp": "",
"cveChanges": [
{
"change": {
"cveId": "",
"eventName": "",
"cveChangeId": "",
"sourceIdentifier": "",
"created": "",
"details": [
{
"action": "",
"type": "",
"newValue": ""
}
]
}
}
]
}
Parameter | Description |
---|---|
Filter By | Select an option from the following to filter the search information of a CPE record. Select an option and specify the value as described: |
Use Last Modified Date | Select this checkbox to retrieve any CPE where CPEs were last modified during the specified period. If you choose 'true' |
Page Index | (Optional) Specify the count of the first few records to skip while retrieving the response. |
Page Size | (Optional) Specify the maximum number of results to get in the resulting output. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"format": "",
"version": "",
"products": [
{
"cpe": {
"refs": [
{
"ref": ""
}
],
"titles": [
{
"lang": "",
"title": ""
}
],
"cpeName": "",
"created": "",
"cpeNameId": "",
"deprecated": "",
"deprecatedBy": [
{
"cpeName": "",
"cpeNameId": ""
}
],
"lastModified": ""
}
}
],
"timestamp": "",
"startIndex": "",
"totalResults": "",
"resultsPerPage": ""
}
The Sample - NIST National Vulnerability Database - 1.0.1 playbook collection comes bundled with the NIST National Vulnerability Database connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the NIST National Vulnerability Database connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.