Import Common Security Advisory Framework data from advisories

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:6分

    • Import CSAF data from advisories by configuring the vendor URL with import type as API.

    始める前に

    Role required: sn_vul.vulnerability_admin, sn_vul.admin (deprecated), or admin

    このタスクについて

    When the integration runs, the advisories are fetched. The CSAF URL and advisories ID are extracted from the payload. The REST API calls are made for each CSAF URL, and data is parsed and stored in the sn_vul_solution table.

    Scanner mapping isn't applicable for National Vulnerability Database (NVD) based vulnerabilities, which are vulnerabilities with a Common Vulnerability Entry (CVE) in the NVD database.

    If you only have one highest superseding solution and it rolls down to the vulnerable items, then the preferred solution gets populated. When there are multiple vendor solutions included in one NVD entry, the preferred solution isn't populated because there's more than one highest superseding solution. In this case, you must manually select a solution. For third-party vulnerabilities, the preferred solution gets populated only if you add the corresponding scanner mapping.

    手順

    1. Navigate to Vulnerability Response > Administration > Setup Assistant > Integration Configuration > Solution Integrations > Common Security Advisory Framework.
    2. Select Add Integration.
    3. On the form, fill in the fields.
      表 : 1. Import solution advisories form
      Field Description
      Import type Option to select the import type. Select API.
      Name Unique name for the integration.
      Vendor Name of the vendor.
      注:
      The Source field of the solutions is populated with the Vendor name.
      Connection alias Option to select an authenticated credential.
      注:
      The sys_alias table stores credentials and the base URL for advisories.
      Schedule Frequency at which the data must be updated.
      Day Day of the week when you want the data to get updated.
      Time Time of the week when you want the data to get updated.
      API Configuration
      Flow Option to select the flow.

      The flow gets triggered when the scheduler gets executed. The flow takes care of parsing advisories and extracts the CSAF URL and stores those details in the update tables. You can copy the existing flow and edit as required. For example, you can make changes related to pagination.
      Flow action Option to select the flow action.

      Flow actions take care of the sliding window capability. You can update the flow actions and add the query parameter directly to the action by dragging.
      Mapping Table Option to select the mapping table.

      The record of the Enrichment Data Mapping Table is used for extracting the CSAF URL and Advisory ID from the payload of advisories.
      Advisories from response Option to enter the tag name from the payload of advisories from where the list of advisories can be extracted.
      Filter Criteria
      Time range parameters Option to select the time range for the request and the date format for API calls.

      Start Date/End Date Request parameter is the parameter name used for start date and end date during API calls. For example, StartDate, start_date, endDate, end_date.
      Date format Option to enter the date format, such as, mm/dd/yyyy..

      The date format is the format that the API needs for filtering. Formats that are not supported by GlideDate do not work.
      Initial range in days Enter the days for which the data must be fetched when the scheduler is first executed.
      For subsequent runs, the sliding window mechanism is followed.
      注:
      If you do not want to select a time range, select No Parameters.
      Scanner mappings
      Scanner Source Option to select the source of the third-party entry (TPE).
      Vulnerability column Option to select the keyword.
      Keywords Option to enter the keyword for searching the selected vulnerability column.
    4. Select Finish.