Can SeqOps-VR only import vulnerability information from NVD?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2024 07:04 PM
SeqOps-VR's function is to capture vulnerability information from third-party vulnerability scanners, such as the National Vulnerability Database (NVD) and Rapid7, and generate Vulnerability Items (VI).
In this case, is it possible to use a series of functions of SeqOps-VR, such as generating Vulnerability Items (VI), even if the imported vulnerability information is only from NVD?
Or is it also necessary to import vulnerability information from a third-party vulnerability scanner such as Rapid7 in addition to the NVD?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2024 07:22 PM
The CI lookup rules at the following URL states that a third-party product is required to link vulnerability information with CI (host information received during import of third-party vulnerability integration).
Is it still necessary to import vulnerability information from a third party product, as NVD alone cannot create vulnerability items?
>The CI Lookup Rules module contains rules that are used to find the matching record for host information received during third-party vulnerability integration imports.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2024 09:25 PM
@Ohki_Yamamoto Yes, it is possible to use SeqOps-VR's functions, such as generating Vulnerability Items (VI), even if the imported vulnerability information is only from the National Vulnerability Database (NVD). SeqOps-VR typically relies on its ability to process the vulnerability information it receives, regardless of the source, provided the data is in the correct format and contains the necessary attributes.
Third-party scanners like Rapid7 often complement NVD data by adding real-time scan results, asset-specific information, and more detailed context about affected systems. If your use case requires this type of information (e.g., identifying vulnerabilities specific to your environment), integrating data from Rapid7 or other scanners becomes necessary.
Hope this will help you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2024 01:11 AM
Thank you very much.
I understand that even if the imported vulnerability information is only from the National Vulnerability Database (NVD), I can still use SeqOps-VR features such as generating Vulnerability Items (VIs).
The NVD table seems to be based on CVE numbers and text describing the vulnerability, but how do you match those numbers with the CI?
Since CI lookup rules can implement scripts, will the NVD table be analyzed to extract FQDNs, hostnames, etc. from the text of the vulnerability contents, and will a complex process such as matching CIs be implemented?
When creating a CI lookup rule, we assume that there is some assumed use case since the NVD can be selected as the source as input for the rule.
