Skip to main content

NIST NVD

The NVD (National Vulnerability Database) from NIST (National Institute of Standards and Technology) provides vulnerability management data based on the Security Content Automation Protocol (SCAP). The NIST NVD connector retrieves Common Vulnerability and Exposures (CVE) records, Common Platform Enumeration (CPE) records, and Common Weakness Enumeration (CWE) records from NVD. You can bring these findings into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with NIST NVD and how to obtain that information from NIST NVD. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select NIST NVD from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate NIST NVD with Brinqa:

  • Service URL: The NIST NVD Service URL. The default URL is https://services.nvd.nist.gov.

  • API Key: The access key associated with the NIST NVD account, which must have permissions to log in to the API server and return data.

Generate a NIST NVD API key

For the NIST NVD connector to use the NIST NVD API, you must provide the API keys from NIST NVD. To obtain an API key, follow these steps:

  1. Navigate to NIST NVD's developer portal.

  2. Fill in the organization name and email address, and then select the organization type from the drop-down.

  3. Agree to the Terms of Use and click Submit. An email is sent to the email address from the previous step.

  4. Click the link in the email from nvd-noreply@nist-gov.

  5. A new tab containing the new API key opens in your browser. Copy the API key and save it in a safe and secure location.

note

You can not view the API key again. If you lose or forget the key, you must request a new one. For additional information, see NIST NVD documentation.

Additional settings

The NIST NVD connector contains additional options for specific configuration:

  • Parallel requests: The maximum number of parallel API requests. The default setting is 2.

  • Maximum retries: The maximum number of times that the integration attempts to connect to the NIST NVD APIs before giving up and reporting a failure. The default setting is 10.

Types of data to retrieve

The NIST NVD connector can retrieve the following types of data from the NIST NVD API:

Table 1: Data retrieved from NIST NVD

Connector ObjectRequiredMaps to Data Model
ProductNoNot mapped
VulnerabilityYesCVE record
WeaknessYesWeakness
info

The NIST NVD connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from NIST NVD in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Vulnerability

Table 2: Vulnerability attribute mappings

Source Field NameMaps to Attribute
cve.iduid, name
cve.cisaExploitAddcisaAddedDate
cve.cisaActionDuecisaDueDate
cisaExploitedcisaExploited
cve.cisaRequiredActioncisaRequiredAction
cve.cisaVulnerabilityNamecisaVulnerabilityName
cve.englishDescription.valuedescription
cve.publishedpublishedDate
cve.references.urlreferences
cve.lastModifiedsourceLastModified
cve.weaknesses.valueweaknesses
cve.vulnStatusstatus
cve.sourceIdentifierLocal variable
matchString.matches.cpeNameaffected
metric.cvssData.accessComplexitycvssV2Ac
metric.cvssData.availabilityImpactcvssV2Ai, cvssV3Ai
metric.cvssData.authenticationcvssV2Au
metric.cvssData.accessVectorcvssV2Av
metric.cvssData.baseScorecvssV2BaseScore, cvssV3BaseScore
metric.cvssData.confidentialityImpactcvssV2Ci, cvssV3Ci
metric.cvssData.integrityImpactcvssV2Ii, cvssV3Ii
metric.baseSeveritycvssV2Severity
metric.cvssData.vectorStringcvssV2Vector, cvssV3Vector
metric.cvssData.attackComplexitycvssV3Ac
metric.cvssData.attackVectorcvssV3Av
metric.cvssData.privilegesRequiredcvssV3Pr
metric.cvssData.scopecvssV3Scope
metric.cvssData.baseSeveritycvssV3Severity
metric.cvssData.userInteractioncvssV3Ui
severityseverity, Local variable
note

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Weakness

Table 3: Weakness attribute mappings

Source Field NameMaps to Attribute
categoriescategories
cwe.iduid
cwe.namename
cwe.descriptiondescription
cwe.likelihoodOfExploitexploitability
cwe.relatedWeaknessesLocal variable
note

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

APIs

The NIST NVD connector uses the Product API v2.0 and Vulnerability API v2.0. Specifically, it uses the following endpoints:

Table 4: NIST NVD API Endpoints

Connector ObjectAPI Endpoints
Product/rest/json/cpes/2.0
Vulnerability/rest/json/cpematch/2.0
/rest/json/cves/2.0
Weakness/data/xml/cwec_latest.xml.zip

Changelog

The NIST NVD connector has undergone the following changes:

3.1.11

  • Updated dependencies.

3.1.10

3.1.9

  • Changed the SOURCE_SEVERITY attribute type on the Vulnerability object from string to integer.

3.1.8

  • Fixed an issue that was affecting the retrieval of the AFFECTED attribute on the Vulnerability object.

3.1.7

  • Updated to retrieve weaknesses from upper levels.

  • Updated dependencies.

3.1.6

  • Updated dependencies.

3.1.5

  • Updated its API key for accessing the National Vulnerability Database (NVD).

3.1.0

3.0.5

  • Upgraded to the latest Connector Framework.

3.0.0

Last updated on