Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

NIST National Vulnerability Database Integration - API (CPE only) - ??

Don Dom
Tera Contributor

Hello.

 

We have enabled "NIST National Vulnerability Database Integration - API (CVE only) "

As per documentation and even a labs from SN course.

DonDom_0-1753357492898.png

 

It's loading data to: "sn_vul_entry"

 

What I see in the list is also:

NIST National Vulnerability Database Integration - API (CPE only) 

NIST National Vulnerability Database Integration - API (Unmapped CPE) 

 

What exactly is "NIST National Vulnerability Database Integration - API (CPE only) "?

To which table it will be loaded?

The same as "NIST National Vulnerability Database Integration - API (CVE only) " ? sn_vul_entry ?

 

Activation of this interface is with the same exact API Key requested as  for CVE?

 

Please advise

Thx

1 REPLY 1

PeriyasamyP
Tera Guru

NIST National Vulnerability Database Integration - API (CVE only), Loads the CVE information in table called "National Vulnerability Database Entries (sn_vul_nvd_entry)". And refer script include "NVDAPIProcessor" to understand how data is processed and added into target table.

 

NIST National Vulnerability Database Integration - API (CPE only),  Loads software affected by vulnerabilities in table called "Vulnerable Software (sn_vul_software)" and mapping between CVE and this sofwatre is stored in m2m table called "Vulnerability Software (sn_vul_m2m_entry_software)".  And refer script include "NVDAPICPEProcessor" to understand how data is processed and added into target table.