Generic framework to ingest data from any solution vendor
A generic framework for solution intelligence integration is available to support ingestion of data in different file formats from solution vendors. These formats speed up information exchange and processing and facilitate the sharing of critical security-related information in a standardized reporting format.
The supported file formats are:
- Common Vulnerability Reporting Framework (CVRF)
- The Common Vulnerability Reporting Framework (CVRF) is an XML-based language. Major vendors such as Oracle, Red Hat, Cisco, and Microsoft support the CVRF format.
- Common Security Advisory Framework (CSAF)
- The Common Security Advisory Framework (CSAF) is an open-source standard that provides JSON-based structured, machine-readable security advisories. Major vendors such as Siemens, Red Hat, Hitachi, and Schneider support the CSAF format.
The CVRF or CSAF supported solution management includes the following key features:
- Configuration through Setup Assistant
- Support of importing CVRF or CSAF data through file import
- Support of importing CVRF or CSAF data through CVRF or CSAF URL
- Support of importing CVRF or CSAF data through advisories
- Mapping of solutions with related vulnerabilities
The Vulnerability Response plugin takes care of updating the metrics statuses of the created solution.
For more information on how to configure the solution providers, see Configure vulnerability solution providers.