VaranAwesomenow
Mega Sage
Options
- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
an hour ago
Here is a clearer and more polished rephrasing:
Use case: Loading CVE data into a self‑hosted environment is challenging because integration with NVD APIs is not possible. Therefore, a file‑based approach is the most practical option. The approach is outlined below.
How the IBM Build Agent (IBM Bob) helped:
1. It validated that cve.org is the correct data source and highlighted the differences between NVD and cve.org, including when each database should be used.
2. It generated the PowerShell script and executed it to convert JSON‑based CVE files into CSV format.
3. It answered validation questions and helped confirm that the CVE data produced in CSV format was accurate.
Download cve.zip from https://www.cve.org/Downloads look for file main.zip
Extract it locally.
Run below powershell code to extract the CVE ID and description to create a csv file with just these two columns.
Load this file to ServiceNow using data source and transform map.
# PowerShell script to extract CVE data to CSV
# Base path to CVE files
$basePath = "<path to extracted folder>\cves"
# Output CSV file
$outputFile = "cve_data.csv"
# Counter for files processed
$filesProcessed = 0
$maxFiles = 100
# Array to store CVE data
$cveData = @()
# Get all JSON files recursively (excluding delta files)
$jsonFiles = Get-ChildItem -Path $basePath -Filter "*.json" -Recurse |
Where-Object { $_.Name -ne "delta.json" -and $_.Name -ne "deltaLog.json" } |
Select-Object -First $maxFiles
Write-Host "Found $($jsonFiles.Count) JSON files to process..."
foreach ($file in $jsonFiles) {
if ($filesProcessed -ge $maxFiles) {
break
}
try {
# Read and parse JSON file
$jsonContent = Get-Content -Path $file.FullName -Raw -Encoding UTF8 | ConvertFrom-Json
# Extract CVE ID
$cveId = $jsonContent.cveMetadata.cveId
if (-not $cveId) {
$cveId = "N/A"
}
# Extract English description
$description = "N/A"
$descriptions = $jsonContent.containers.cna.descriptions
if ($descriptions) {
foreach ($desc in $descriptions) {
if ($desc.lang -eq "en") {
$description = $desc.value
break
}
}
}
# Add to array
$cveData += [PSCustomObject]@{
CVE_ID = $cveId
Description = $description
}
$filesProcessed++
Write-Host "Processed $filesProcessed : $cveId"
} catch {
Write-Host "Error processing $($file.FullName): $_" -ForegroundColor Yellow
continue
}
}
# Export to CSV
$cveData | Export-Csv -Path $outputFile -NoTypeInformation -Encoding UTF8
Write-Host "`nCompleted! Processed $filesProcessed CVE files."
Write-Host "Output saved to: $outputFile"
# Made with Bob
Sample data generated
"CVE_ID","Description"
"CVE-1999-0001","ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets."
"CVE-1999-0002","Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems."
"CVE-1999-0003","Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd)."
"CVE-1999-0004","MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook."
"CVE-1999-0005","Arbitrary command execution via IMAP buffer overflow in authenticate command."
