Skip to main content

NIST NVD

The NVD (National Vulnerability Database) from NIST (National Institute of Standards and Technology) provides vulnerability management data based on the Security Content Automation Protocol (SCAP). The NIST NVD connector retrieves Common Vulnerability and Exposures (CVE) records, Common Platform Enumeration (CPE) records, and Common Weakness Enumeration (CWE) records from NVD. You can bring these findings into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with NIST NVD and how to obtain that information from NIST NVD. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select NIST NVD from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate NIST NVD with Brinqa:

  • Service URL: The NIST NVD Service URL. The default URL is https://services.nvd.nist.gov.

  • API Key: The access key associated with the NIST NVD account, which must have permissions to log in to the API server and return data.

Generate a NIST NVD API key

For the NIST NVD connector to use the NIST NVD API, you must provide the API keys from NIST NVD. To obtain an API key, follow these steps:

  1. Navigate to NIST NVD's developer portal.

  2. Fill in the organization name and email address, and then select the organization type from the drop-down.

  3. Agree to the Terms of Use and click Submit. An email is sent to the email address from the previous step.

  4. Click the link in the email from nvd-noreply@nist-gov.

  5. A new tab containing the new API key opens in your browser. Copy the API key and save it in a safe and secure location.

note

You can not view the API key again. If you lose or forget the key, you must request a new one. For additional information, see NIST NVD documentation.

Additional settings

The NIST NVD connector contains additional options for specific configuration:

  • Parallel requests: The maximum number of parallel API requests. The default setting is 2.

  • Maximum retries: The maximum number of times that the integration attempts to connect to the NIST NVD APIs before giving up and reporting a failure. The default setting is 10.

Types of data to retrieve

The NIST NVD connector can retrieve the following types of data from the NIST NVD API:

Connector ObjectRequiredMaps to Data Model
ProductNoCPE record
VulnerabilityYesCVE record
WeaknessYesWeakness
info

The NIST NVD connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from NIST NVD in the Brinqa Platform, see How to view your data.

APIs

The NIST NVD connector uses the Product API v2.0 and Vulnerability API v2.0. Specifically, it uses the following endpoints:

  • /rest/json/cpes/2.0

  • /rest/json/cves/2.0

Changelog

The NIST NVD connector has undergone the following changes:

3.1.11

  • Updated dependencies.

3.1.10

3.1.9

  • Changed the SOURCE_SEVERITY attribute type on the Vulnerability object from string to integer.

3.1.8

  • Fixed an issue that was affecting the retrieval of the AFFECTED attribute on the Vulnerability object.

3.1.7

  • Updated to retrieve weaknesses from upper levels.

  • Updated dependencies.

3.1.6

  • Updated dependencies.

3.1.5

  • Updated its API key for accessing the National Vulnerability Database (NVD).

3.1.0

3.0.5

  • Upgraded to the latest Connector Framework.

3.0.0