NIST National Vulnerability Database Integration - API (CVE only) - Anyone get this to work?

Jason Stuart · ‎10-31-2023

Good Morning,

I am trying to get the NIST National Vulnerability Database Integration - API (CVE only) to do an initial run, and while it does pull back data it constantly errors with 403 (which I am assuming is normal, giving the amount of times the NIST database is getting hit). But it eventually errored out. Error: Invalid response code received from NVD: 0

The question is - has anyone got this out of the box integration to work? If so, is there a time its best to run at? Or am I missing something altogether. I followed the instructions provided by ServiceNow.

andy_ojha · ‎10-31-2023

Hey there,

Have run into this stubborn behavior as well, and you are on the right track.

1) Changing the default time the NVD job runs at, does seem to improve this and minimize the 403 replies we get
- Really seems like making requests at any time that is not the default provides some relief

2) Are you using a valid NVD API key?
- Though, it is technically *optional*, if we make API requests to the NVD without an API key, the rate limiting they impose is much more aggressive
- Using a valid API key greatly reduces the errors / failed responses we see

3) What version of the ServiceNow Store App for NVD are you using?
- The latest version of the Store App (1.3.3) use the brand new v2 API that the NVD has
- Moving to the v2 API has also greatly reduced the errors seen in the API responses received

--------------------------------------------------------

Reference - Adding an API Key for NIST NVD Integration

Grab a NIST API key here -> https://nvd.nist.gov/developers/request-an-api-key

Append it to the Password Value under the 'National Vulnerability Database' Integration Source

View solution in original post

andy_ojha · ‎10-31-2023

Hey there,

Have run into this stubborn behavior as well, and you are on the right track.

1) Changing the default time the NVD job runs at, does seem to improve this and minimize the 403 replies we get
- Really seems like making requests at any time that is not the default provides some relief

2) Are you using a valid NVD API key?
- Though, it is technically *optional*, if we make API requests to the NVD without an API key, the rate limiting they impose is much more aggressive
- Using a valid API key greatly reduces the errors / failed responses we see

3) What version of the ServiceNow Store App for NVD are you using?
- The latest version of the Store App (1.3.3) use the brand new v2 API that the NVD has
- Moving to the v2 API has also greatly reduced the errors seen in the API responses received

--------------------------------------------------------

Reference - Adding an API Key for NIST NVD Integration

Grab a NIST API key here -> https://nvd.nist.gov/developers/request-an-api-key

Append it to the Password Value under the 'National Vulnerability Database' Integration Source

Jason Stuart · ‎11-01-2023

Thanks! This is awesome! I like servicenow's documentation, but sometimes it does seem a bit lacking. (though same can be said about all documentation!)