
VulnDB
Vulnerability Management- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The VulnDB connector integrates with Flashpoint VulnDB, a commercial vulnerability intelligence database. It syncs vulnerability records (mapped to CVE Records), along with the supporting software vendors, software products, and software product versions that those vulnerabilities affect. Vulnerability data includes CVSS v2 and v3 metrics, classifications, affected/unaffected product versions, exploit and vendor references, and a range of disclosure/remediation timestamps. Vendor and product records additionally carry VulnDB analytics such as ratings, cost-of-ownership, and time-to-event (VTEM) metrics.
Data retrieved from VulnDB
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Vulnerability | Yes | CVE Record |
| Product Version | Yes | Product Version |
| Vendor | Yes | Vendor |
| Product | Yes | Product |
Model relationships
For detailed steps on how to view the data retrieved from VulnDB in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select VulnDB from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| API URL | No | — | API URL |
| Client ID | No | — | API client id |
| Client Secret | No | — | API client secret |
| Page size | No | — | Maximum number of records to get per API request |
| Parallel requests | No | — | Maximum number of parallel API requests |
Authentication
The connector authenticates using OAuth2 client credentials. On the first request of a sync, the connector exchanges the configured Client ID and Client Secret for a short-lived Bearer access token, then uses that token on all subsequent API requests. The token is discarded at the end of each sync.
Token Endpoint
| Method | URL |
|---|---|
| POST | {API URL}/oauth/token |
Request Headers
| Header | Value |
|---|---|
| Content-Type | application/json |
Request Body
{
"client_id": "<your-client-id>",
"client_secret": "<your-client-secret>",
"grant_type": "client_credentials"
}
Sample Response
{
"access_token": "eyJhbGciOiJSUzI1Ni, ... ",
"token_type": "Bearer"
}
Response Fields
| Field | Description |
|---|---|
access_token | The Bearer token used to authorize subsequent API calls. |
token_type | The token type returned by the authorization server (Bearer). |
Using the Token
Every data request sets the following headers, where access_token is the value obtained from the token endpoint:
| Header | Value |
|---|---|
Authorization | Bearer {access_token} |
Accept | application/json |
How to obtain VulnDB credentials
Generate VulnDB client ID and secret
For the VulnDB connector to use the VulnDB REST API, you must register a new application to obtain the client ID and client secret. While you can view the credentials for any registered app within VulnDB, you can also create a new app. To do so, follow these steps:
-
Log in to your organization's VulnDB portal as an administrator.
-
Click API > Overview.
-
Locate the OAuth Client Applications section.
-
Click Register new application. Fill in the following fields:
-
Name: The name of your application.
-
Main Application URL: This field may not have an impact on the functionality of the VulnDB connector. However, it's considered best practice to enter the URL where your Brinqa Platform is hosted, the default URL format being
https://<BrinqaPlatformName>.brinqa.net.
-
-
Click Register.
Your new client ID and client secret displays. Make sure to copy the credentials and paste them into the Client ID and Client Secret fields in the integration configuration.
Note: If you do not have the permissions to register a new application and create a client ID and client secret, contact your VulnDB administrator.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Vulnerability
| Source Field Name | SDM Attribute |
|---|---|
| Computed from CVSS v2 metric | CVSS_V2_SEVERITY |
| Computed from CVSS v3 metric | CVSS_V3_SEVERITY |
CVSS v2 vector (Attack Complexity) | CVSS_V2_AC |
CVSS v2 vector (Attack Vector) | CVSS_V2_AV |
CVSS v2 vector (Authentication) | CVSS_V2_AU |
CVSS v2 vector (Availability Impact) | CVSS_V2_AI |
CVSS v2 vector (Confidentiality Impact) | CVSS_V2_CI |
CVSS v2 vector (Exploitability) | CVSS_V2_E |
CVSS v2 vector (Integrity Impact) | CVSS_V2_II |
CVSS v2 vector (Remediation Level) | CVSS_V2_RL |
CVSS v2 vector (Report Confidence) | CVSS_V2_RC |
CVSS v3 vector (Attack Complexity) | CVSS_V3_AC |
CVSS v3 vector (Attack Vector) | CVSS_V3_AV |
CVSS v3 vector (Availability Impact) | CVSS_V3_AI |
CVSS v3 vector (Confidentiality Impact) | CVSS_V3_CI |
CVSS v3 vector (Exploitability) | CVSS_V3_E |
CVSS v3 vector (Integrity Impact) | CVSS_V3_II |
CVSS v3 vector (Privileges Required) | CVSS_V3_PR |
CVSS v3 vector (Remediation Level) | CVSS_V3_RL |
CVSS v3 vector (Report Confidence) | CVSS_V3_RC |
CVSS v3 vector (User Interaction) | CVSS_V3_UI |
Derived CVE ID (e.g. CVE-2023-1234) | UID |
| Derived from ext_references of type "CVE ID" | CVE_IDS / CVE_RECORDS |
| ext_references of type "related vulndb id" | RELATED_VULN_DB_ID |
| ext_references of type exploit/metasploit | EXPLOITS |
| ext_references of type vendor | VENDOR_ADVISORIES |
| Remaining ext_references | REFERENCES |
vendors[].products[].versions[] (affected) | AFFECTED |
vendors[].products[].versions[] (not affected) | UNAFFECTED_PRODUCTS |
Vulnerability.changelog (Affected Status entries) | CHANGE_LOG |
Vulnerability.classifications[].longname | CATEGORIES |
Vulnerability.cvss_metrics[0].score | CVSS_V2_BASE_SCORE |
Vulnerability.cvss_metrics[0].vector | CVSS_V2_VECTOR |
Vulnerability.cvss_version_three_metrics[0].score | CVSS_V3_BASE_SCORE |
Vulnerability.cvss_version_three_metrics[0].vector | CVSS_V3_VECTOR |
Vulnerability.description, t_description, manual_notes, changelog | DESCRIPTION |
Vulnerability.disclosure_date | DISCLOSURE_DATE |
Vulnerability.exploit_publish_date | EXPLOIT_PUBLISH_DATE |
Vulnerability.keywords (comma-split) | KEYWORDS |
Vulnerability.solution | RECOMMENDATION |
Vulnerability.solution_date | SOLUTION_DATE |
Vulnerability.third_party_solution_date | THIRD_PARTY_SOLUTION_DATE |
Vulnerability.title (Name set to CVE ID) | NAME |
Vulnerability.vendor_ack_date | VENDOR_ACK_DATE |
Vulnerability.vendor_informed_date | VENDOR_INFORMED_DATE |
Vulnerability.vulndb_id (prefixed VulnDB-ID-) | VULNDB_ID |
Vulnerability.vulndb_last_modified | SOURCE_LAST_MODIFIED |
Vulnerability.vulndb_published_date | PUBLISHED_DATE |
Product Version
| Source Field Name | SDM Attribute |
|---|---|
MD5 of vendor.id.product.id.version.id | UID |
product.id | PRODUCT_ID |
product.name | PRODUCT_NAME |
product.name + version.name | TITLE |
vendor.id | VENDOR_ID |
vendor.name | VENDOR_NAME |
version.cpe[].cpe | CPE |
version.name (falls back to version.id) | NAME |
Vendor
| Source Field Name | SDM Attribute |
|---|---|
Vendor.average_disclosure_interval | AVG_DISCLOSURE_INTERVAL |
Vendor.cost_of_ownership | COST_OF_OWNERSHIP |
Vendor.id | UID |
Vendor.name | NAME |
Vendor.rating | RATING |
Vendor.short_name | SHORT_NAME |
Vendor.vendor_url | URL |
| VTEM time_to_exploit | TIME_TO_EXPLOIT |
| VTEM time_to_patch | TIME_TO_PATCH |
| VTEM time_unpatched | TIME_UNPATCHED |
| VTEM total_time_to_exploit | TOTAL_TIME_TO_EXPLOIT |
| VTEM total_time_to_patch | TOTAL_TIME_TO_PATCH |
| VTEM vendor_response_time | VENDOR_RESPONSE_TIME |
Product
| Source Field Name | SDM Attribute |
|---|---|
Product.average_disclosure_interval | AVG_DISCLOSURE_INTERVAL |
Product.code_maturity_score | CODE_MATURITY_SCORE |
Product.cost_of_ownership | COST_OF_OWNERSHIP |
Product.id | UID |
Product.name | NAME |
Product.rating | RATING |
| VTEM time_to_exploit | TIME_TO_EXPLOIT |
| VTEM time_to_patch | TIME_TO_PATCH |
| VTEM time_unpatched | TIME_UNPATCHED |
| VTEM total_time_to_exploit | TOTAL_TIME_TO_EXPLOIT |
| VTEM total_time_to_patch | TOTAL_TIME_TO_PATCH |
| VTEM vendor_response_time | VENDOR_RESPONSE_TIME |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Vulnerability
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
package_info | false | Include package information in the response. | |
library_info | false | Include library information in the response. | |
changelog | false | Include change-log entries in the response. |
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /api/v1/vulnerabilities/0/find_next_to_vulndb_id - Default filters:
nested=true,show_cpe_full=true,show_cvss_v3=true,full_reference_url=true,additional_info=true; incremental date sync addsstart_date/end_date/date_type=vulndb_last_modified, time sync addshours_ago
Product Version
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /api/v1/vulnerabilities/0/find_next_to_vulndb_id - Default filters:
nested=true,show_cpe_full=true; incremental date sync addsstart_date/end_date/date_type=vulndb_last_modified, time sync addshours_ago
Vendor
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /api/v1/vendors/new_vendors - Default filters:
average_disclosure_interval=true,cost_of_ownership=true,rating=true,vtems=true,start_date/end_date
Product
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /api/v1/products/new_products - Default filters:
average_disclosure_interval=true,cost_of_ownership=true,rating=true,vtems=true,start_date/end_date
Changelog
The VulnDB connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.0.7 | Improvements - Connector-sourced attribute values now take precedence over non-connector data channels (manual edits, bulk imports, UI input) when the platform consolidates records, so Flashpoint data is no longer overridden by lower-priority sources. Bug Fixes - Corrected the data type of the Software Product model's "Code maturity score" attribute from a numeric (Float) type to text, matching the string value returned by the VulnDB API. | • SoftwareProduct: the "Code maturity score" attribute changed from Float to text. Re-sync the Flashpoint connector to repopulate software products with the corrected type. |