Consistently failing NIST NVD Unmapped CPE integration.

GudiyaYadav
Tera Contributor

‎12-24-2024 04:19 AM

Hello Community,

 

I am trying to run the NIST National Vulnerability Database Integration - API (Unmapped CPE) but it is failing with the error message 'Attempting retry with process VINTPRC00******. Error: Invalid response code received from NVD: 403. Encountered process error running the integration'. Any idea how to troubleshoot this issue?

 

Thank You!

0 Helpfuls
  • 1,162 Views
1 REPLY 1

andy_ojha
ServiceNow Employee
ServiceNow Employee

‎12-24-2024 10:18 AM

Hey there,

A few things to check on:

 

1) What version of the Store App for VR Integration w/ NVD are you using?

 -  Is it newer than v1.4.2?

 

2) Ensure we are using a valid NIST API key for the integration(s) here 
 - https://www.servicenow.com/community/secops-vr-forum-read-only/nist-nvd-unmapped-cpe-integration-inv...
 - If you are not employing an API Key from. NIST, you should obtain one and re-test ... 


3) If we have multiple NOW Instance(s) running the NIST integrations at the same time, AND using the same API key - we should stagger the scheduling of these jobs to not overlap

4) We have seen situations where the data from NIST NVD for CPEs - has grown recently and integration we have with VR may need some tuning, specifcally around the page size to handle this 
  - This helps reduce the file sizes down below 100MB for ServiceNow to process, in a 60 min window 
  - If file sizes are beyond 100MB the integration processing will error out 
  - If the files being processed take more than an hour, the integration processing will error out 

  - As of now, 150 seems to be the sweet spot for the Unmapped CPE page sizing (baseline it is 500)
    -> 'page_size_for_unmapped_cpe'

 

andy_ojha_0-1735064249813.png

 

 

 

0 Helpfuls