NIST NVD
The NVD (National Vulnerability Database) from NIST (National Institute of Standards and Technology) provides vulnerability management data based on the Security Content Automation Protocol (SCAP). The NIST NVD connector retrieves Common Vulnerability and Exposures (CVE) records, Common Platform Enumeration (CPE) records, and Common Weakness Enumeration (CWE) records from NVD. You can bring these findings into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with NIST NVD and how to obtain that information from NIST NVD. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select NIST NVD from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate NIST NVD with Brinqa:
-
Service URL: The NIST NVD Service URL. The default URL is
https://services.nvd.nist.gov. -
API Key: The access key associated with the NIST NVD account, which must have permissions to log in to the API server and return data.
Generate a NIST NVD API key
For the NIST NVD connector to use the NIST NVD API, you must provide the API keys from NIST NVD. To obtain an API key, follow these steps:
-
Navigate to NIST NVD's developer portal.
-
Fill in the organization name and email address, and then select the organization type from the drop-down.
-
Agree to the Terms of Use and click Submit. An email is sent to the email address from the previous step.
-
Click the link in the email from
nvd-noreply@nist-gov. -
A new tab containing the new API key opens in your browser. Copy the API key and save it in a safe and secure location.
You can not view the API key again. If you lose or forget the key, you must request a new one. For additional information, see NIST NVD documentation.
Additional settings
The NIST NVD connector contains additional options for configuration:
-
Set page size: The maximum number of records to get per API request. The default setting is 1000.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 2.
Types of data to retrieve
The NIST NVD connector can retrieve the following types of data from the NIST NVD API:
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Product | No | CPE record |
| Vulnerability | Yes | CVE record |
| Weakness | Yes | Weakness |
The NIST NVD connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from NIST NVD in the Brinqa Platform, see How to view your data.
APIs
The NIST NVD connector uses the Product API v2.0 and Vulnerability API v2.0. Specifically, it uses the following endpoints:
-
/rest/json/cpes/2.0 -
/rest/json/cves/2.0
Changelog
The NIST NVD connector has undergone the following changes:
3.1.7
-
Updated to retrieve weaknesses from upper levels.
-
Updated dependencies.
3.1.5
- Updated its API key for accessing the National Vulnerability Database (NVD).
3.1.0
- Switched to CPE API v2.0 and CVE API v2.0.
3.0.5
- Upgraded to the latest Connector Framework.
3.0.0
- Initial Integration+ release.