Skip to main content

NIST NVD

Threat Intelligence

The NIST NVD Connector integrates with the National Vulnerability Database (NVD) maintained by the U.S. National Institute of Standards and Technology, together with the CWE catalog published by MITRE. It synchronizes three datasets:

  • Vulnerabilities (CVE records) — published CVEs including descriptions, CVSS v2/v3 scoring, CISA Known Exploited Vulnerability (KEV) data, weakness (CWE) associations, and the affected products (CPEs) resolved from CPE match criteria.
  • Weaknesses (CWE) — the latest CWE weakness catalog, including weakness names, descriptions, exploit likelihood, and parent-weakness relationships.
  • Products (CPE) — Common Platform Enumeration dictionary entries, with the CPE name parsed into its Well-Formed Name (WFN) components.

The Vulnerability and Product datasets are retrieved from the NVD REST API and support incremental synchronization. The Weakness dataset is downloaded as a compressed XML archive directly from MITRE.

Data retrieved from NIST NVD

Connector ObjectRequiredMaps to Data Model
VulnerabilityYesCve Record
WeaknessYesWeakness
ProductYesProduct

Model relationships

note

For detailed steps on how to view the data retrieved from NIST NVD in the Brinqa Platform, see How to view your data.