Import Common Security Advisory Framework (CSAF) data through CSAF URL

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 5 minutes
  • Import CSAF data by configuring the vendor URL in the Setup Assistant.

    Before you begin

    Role required: sn_vul.vulnerability_admin, sn_vul.admin (deprecated), or admin

    About this task

    When the integration runs, data is fetched from the URL and parsed. The data is then stored in the sn_vul_solution table, with the source set to the vendor name.
    Note:
    The URL can be either a direct CSAF payload, which contains the advisory details, or a Resource-Oriented Lightweight Information Exchange (ROLIE) Feed URL. In either case, the payload is parsed accordingly and the solution records are created. Complete the following steps for CSAF URL import.

    You can also import vulnerability solutions from CSAF Aggregators or Trusted Providers through a URL import that supports ROLIE Feed. These vulnerability solutions are automatically mapped to the correct vendor and vulnerable items (VITs) based on the Common Vulnerabilities and Exposures (CVEs).

    Scanner mapping isn't applicable for National Vulnerability Database (NVD) based vulnerabilities, which are vulnerabilities that have a CVE entry in the NVD.

    If you only have one highest superseding solution and it rolls down to the vulnerable items, then the preferred solution gets populated. When there are multiple vendor solutions included in one NVD entry, the preferred solution isn't populated because there's more than one highest superseding solution. In this case, you must manually select a solution. For third-party vulnerabilities, the preferred solution gets populated only if you add the corresponding scanner mapping.

    Procedure

    1. Navigate to Vulnerability Response > Administration > Setup Assistant > Integration Configuration > Solution Integrations > Common Security Advisory Framework.
    2. Select Add Integration.
    3. On the form, fill in the fields.
      Table 1. Import CSAF form

      Field                 Description
      --------------------  -----------
      Import type           Type of import. Select URL.
      Name                  Unique name for the integration.
      Single vendor         Select this option if you are importing CSAF from one vendor.
      Vendor                Name of the vendor. This field is only available if you select Single vendor.
                            Note: The Source field of the solutions is populated with the Vendor name.
      Multi Vendor          Select this option if you are importing CSAF from multiple vendors.
      Aggregator            A trusted provider whose solution you can import.
      URL                   URL from which you want to fetch the solution data in the CSAF format.
      Schedule              Frequency at which the data must be updated.
                            Note: If the status tag of CSAF shows “FINAL”, then the field is automatically set to On Demand to prevent unnecessary runs.
      Day                   Day of the week when you want the data to get updated.
      Time                  Time of the week when you want the data to get updated.

      Scanner Mappings
      Note: The Scanner Mappings section is optional for CSAF.

      Scanner source        Option to select the source of the third-party entry (TPE).
      Vulnerability column  Option to select the keyword.
      Keywords              Option to enter the keyword for searching the selected vulnerability column.
    4. Select Finish.
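
Before entering a URL in the form, you can check offline what kind of payload it returns (direct CSAF advisory or ROLIE feed) and whether an advisory's status is final. The following is an added example, not ServiceNow code: the function name is hypothetical, field names follow the CSAF 2.0 JSON and ROLIE feed layouts, the HTTPS-only filter is an assumption added here, and the sample payloads are constructed with placeholder values.

```python
import json
from urllib.parse import urlparse

def classify_csaf_payload(raw):
    """Classify JSON fetched from an import URL: ROLIE feed or direct CSAF advisory."""
    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("top-level JSON value must be an object")
    feed = data.get("feed")
    if isinstance(feed, dict):
        # ROLIE feed: each entry's content.src points at one CSAF advisory.
        accepted, rejected = [], []
        for entry in feed.get("entry", []):
            src = (entry.get("content") or {}).get("src", "")
            # Assumption: keep only HTTPS links; anything else is set aside for review.
            (accepted if urlparse(src).scheme == "https" else rejected).append(src)
        return {"kind": "rolie_feed", "advisory_urls": accepted, "rejected": rejected}
    doc = data.get("document")
    if isinstance(doc, dict) and "csaf_version" in doc:
        # Direct CSAF payload: advisory details live under document and vulnerabilities.
        tracking = doc.get("tracking", {})
        status = str(tracking.get("status", "")).lower()
        cves = sorted({v["cve"] for v in data.get("vulnerabilities", []) if "cve" in v})
        return {"kind": "csaf_advisory", "id": tracking.get("id"),
                "vendor": doc.get("publisher", {}).get("name"),
                "final": status == "final", "cves": cves}
    raise ValueError("neither a ROLIE feed nor a CSAF document")

# Constructed sample payloads (placeholder vendor, advisory IDs and CVE numbers).
SAMPLE_ADVISORY = json.dumps({
    "document": {"csaf_version": "2.0",
                 "publisher": {"name": "Example Vendor"},
                 "tracking": {"id": "EXAMPLE-SA-0001", "status": "final"}},
    "vulnerabilities": [{"cve": "CVE-0000-0002"}, {"cve": "CVE-0000-0001"}],
})
SAMPLE_FEED = json.dumps({"feed": {"entry": [
    {"content": {"type": "application/json",
                 "src": "https://vendor.example/csaf/example-sa-0001.json"}},
    {"content": {"type": "application/json",
                 "src": "http://vendor.example/csaf/example-sa-0002.json"}},
]}})

if __name__ == "__main__":
    print(classify_csaf_payload(SAMPLE_ADVISORY))
    print(classify_csaf_payload(SAMPLE_FEED))
```

An advisory reported with `final` set to true corresponds to the case where the Schedule field is set to On Demand.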