VulnDB
VulnDB is a vulnerability management tool that provides details on software, hardware, and vulnerabilities. You can bring product, product version, vendor, and security data from VulnDB into Brinqa to identify, prioritize, and address vulnerabilities within your infrastructure, thus enhancing your cybersecurity strategy and strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with VulnDB and how to obtain that information from VulnDB. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select VulnDB from the Connector drop-down. If you cannot find the connector in the drop-down, make sure you have installed it first. You must provide the following information to authenticate VulnDB with Brinqa:
-
API URL: The VulnDB API Server URL. The default URL is
https://vulndb.cyberriskanalytics.com. -
Client ID and Client Secret: The client ID and client secret associated with the VulnDB account, which must have permissions to log in to the API server and return data.
Generate VulnDB client ID and secret
For the VulnDB connector to use the VulnDB REST API, you must register a new application to obtain the client ID and client secret. While you can view the credentials for any registered app within VulnDB, you can also create a new app. To do so, follow these steps:
-
Log in to the VulnDB portal at https://vulndb.cyberriskanalytics.com.
-
Click API > Overview.
-
Locate the OAuth Client Applications section.
-
Click Register new application. Fill in the following fields:
-
Name: The name of your application.
-
Main Application URL: This field may not have an impact on the functionality of the VulnDB connector. However, it's considered best practice to enter the URL where your Brinqa Platform is hosted, the default URL format being
https://<BrinqaPlatformName>.brinqa.net.
-
-
Click Register.
Your new client ID and client secret displays. Make sure to copy the credentials and paste them into the Client ID and Client Secret fields in the integration configuration.
If you do not have the permissions to register a new application and create a client ID and client secret, contact your VulnDB administrator.
Additional settings
The VulnDB connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 50. It is not recommended to go over 50.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 4.
Types of data to retrieve
The VulnDB connector can retrieve the following types of data from the VulnDB API:
Table 1: Data retrieved from VulnDB
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Product | No | Not mapped |
| Product Version | No | Not mapped |
| Vendor | No | Not mapped |
| Vulnerability | Yes | CVE record |
For detailed steps on how to view the data retrieved from VulnDB in the Brinqa Platform, see How to view your data.
Attribute mappings
The table below details the mappings between the source and the Brinqa data model attributes.
Table 2: Vulnerability attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| affected_products | affected |
| analysis | description |
| change_log | description |
| classification | categories |
| cpe | affected |
| cve | cveIds, cveRecords |
| cvss_score | cvssV2BaseScore |
| cvss_vector | cvssV2Vector |
| cvss_v3_score | cvssV3BaseScore |
| cvss_v3_vector | cvssV3Vector |
| description | description |
| disclosure_date | Local variable |
| exploit_publish_date | Local variable |
| exploit_refs | exploits |
| keywords | Local variable |
| last_modifed | sourceLastModified |
| notes | description |
| other cvss v2 and v3 fields | other cvss v2/v3 fields |
| published_date | publishedDate |
| references | references |
| related_vuln_db_id | Local variable |
| solution | recommendation |
| solution_date | Local variable |
| sys_id | uid |
| third_party_solution_date | Local variable |
| title | name |
| unaffected_products | Local variable |
| vendor_ack_date | Local variable |
| vendor_advisories | Local variable |
| vendor_informed_date | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Operation options
The VulnDB connector supports the following operation options. See connector operation options for information about how to apply them.
Table 3: VulnDB connector operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Vulnerability | changelog | true, false | Retrieve changelog information related to each vulnerability when set to true. The default is false. | Key: changelog Value: true. This key and value combination retrieves changelog information for vulnerabilities. |
| library_info | true, false | Retrieve affected library information (if available) related to each vulnerability when set to true. The default is false. | Key: library_info Value: true. This key and value combination retrieves information about affected libraries. | |
| package_info | true, false | Retrieve affected package information (if available) related to each vulnerability when set to true. The default is false. | Key: package_info Value: true. This key and value combination retrieves information about affected packages. |
The option keys and values are case-sensitive as they are shown in this documentation.
APIs
The VulnDB connector uses the VulnDB REST API. Specifically, it uses the following endpoints:
Table 4: VulnDB REST API Endpoints
| Connector Object | API Endpoints |
|---|---|
| Product | GET https://vulndb.cyberriskanalytics.com/api/v1/products/modified_products |
GET https://vulndb.cyberriskanalytics.com/api/v1/products/new_products | |
| Product Version | GET https://vulndb.cyberriskanalytics.com/api/v1/vulnerabilities/find_next_to_vulndb_id |
GET https://vulndb.cyberriskanalytics.com/api/v1/vulnerabilities/find_by_date | |
GET https://vulndb.cyberriskanalytics.com/api/v1/vulnerabilities/find_by_time | |
| Vendor | GET https://vulndb.cyberriskanalytics.com/api/v1/vendors/modified_vendors |
GET https://vulndb.cyberriskanalytics.com/api/v1/vendors/new_vendors | |
| Vulnerability | GET https://vulndb.cyberriskanalytics.com/api/v1/vulnerabilities/find_next_to_vulndb_id |
GET https://vulndb.cyberriskanalytics.com/api/v1/vulnerabilities/find_by_date | |
GET https://vulndb.cyberriskanalytics.com/api/v1/vulnerabilities/find_by_time |
Changelog
The VulnDB connector has undergone the following changes:
3.0.5
- Added a string-to-integer conversion before assigning the value to the AVG_DISCLOSURE_INTERVAL attribute on the Product object.
3.0.4
- Changed the SHORT_NAME attribute type on the Vendor object from integer to string.
3.0.3
- Updated to use a consistent format for CVSS vectors.
3.0.2
- Made the UNAFFECTED_PRODUCTS attribute multi-valued.
3.0.1
- Enhanced to store all date attributes as Date Time values.
3.0.0
- Initial Integration+ release.