Package Documentation
Storm Package: synapse-nist-nvd
The following Commands are available from this package. This documentation is generated for version 2.1.1 of the package.
Storm Commands
This package implements the following Storm Commands.
nist.nvd.cve.byid
Ingest a CVE record by CVE id.
This command takes risk:vuln and it:sec:cve nodes as input and queries
the NIST NVD API for the corresponding CVE record.
Examples:
// Enrich an it:sec:cve node
it:sec:cve=CVE-2020-0001 | nist.nvd.cve.byid --yield
Usage: nist.nvd.cve.byid [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--yield : Yield the newly created nodes.
nist.nvd.cves.feed
Ingest a feed of CVE records.
This command will automatically store progress of the ingest,
starting first with an offset to load all records and then proceeding
to use the modified date.
It is recommended to create a single cron job to run this command
so that results are contiguous in the view it is running.
Per NIST NVD guidelines the cron job should not be run more than once
every 2 hours.
Examples:
// Ingest all CVE records
nist.nvd.cves.feed
// Create a cron job to ingest new results every day
cron.add --name nist.nvd.cves.feed --hour 3 { nist.nvd.cves.feed }
// Reset the stored progress and ingest records from index 0
nist.nvd.cves.feed --reset-last
Usage: nist.nvd.cves.feed [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--yield : Yield the newly created nodes.
--reset-last : Reset the stored progress offset.
nist.nvd.cves.search
Search for CVE records.
This command will also create an it:exec:query node to represent the
query syntax and link resulting nodes to it via -(found)> edges.
Examples:
// Search for CVEs with 'log4j' in their description and yield risk:vuln nodes
nist.nvd.cves.search log4j --yield
Usage: nist.nvd.cves.search [options] <query>
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--published <published> : Search for CVEs published in a specific date range (120 days max).
--modified <modified> : Search for CVEs modified in a specific date range (120 days max).
--cpe <cpe> : Search for CVEs associated with a specific CPE.
--cwe <cwe> : Search for CVEs which include a specific CWE.
--cveTag <cveTag> : Search for CVEs with specific tags.
Arguments:
[query] : Keywords to search for in CVE descriptions.
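Added example (not part of the package or its documentation): because --published and --modified accept at most 120 days per search, a longer backfill has to be issued as several searches, and this Python helper splits a date range into windows of at most 120 days and renders one nist.nvd.cves.search line per window. The function names are hypothetical, and the "(min, max)" interval syntax used for the option value is an assumption, since this page does not show the range format.

```python
import re
from datetime import date, timedelta

MAX_SPAN_DAYS = 120  # limit the page states for --published / --modified
KEYWORD_RE = re.compile(r"[A-Za-z0-9_.-]+")  # keep the keyword a single plain token


def split_range(start, end, max_days=MAX_SPAN_DAYS):
    """Split start..end into consecutive windows of at most max_days days."""
    if end <= start:
        raise ValueError("end must be later than start")
    if max_days < 1:
        raise ValueError("max_days must be at least 1")
    windows, lo = [], start
    while lo < end:
        hi = min(lo + timedelta(days=max_days), end)
        # Adjacent windows share a boundary date so no day falls between them.
        windows.append((lo, hi))
        lo = hi
    return windows


def storm_queries(keyword, start, end, option="--published"):
    """Render one nist.nvd.cves.search line per window."""
    if option not in ("--published", "--modified"):
        raise ValueError("option must be --published or --modified")
    # Reject anything that is not a simple token before it is placed in a query.
    if not KEYWORD_RE.fullmatch(keyword):
        raise ValueError("keyword must be a single plain token")
    # ASSUMPTION: the range is written as a Storm interval "(min, max)".
    return [
        f"nist.nvd.cves.search {option} ({lo.isoformat()}, {hi.isoformat()}) {keyword}"
        for lo, hi in split_range(start, end)
    ]


if __name__ == "__main__":
    # Constructed sample: one calendar year of 'log4j' results in four searches.
    for line in storm_queries("log4j", date(2023, 1, 1), date(2024, 1, 1)):
        print(line)
```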
nist.nvd.setup.apikey
Manage the NVD API key.
NOTE: If an API key is not set, requests will be subject to public rate-limiting.
Examples:
// Set a global NVD API key
nist.nvd.setup.apikey abcd1234
// Set an NVD API key for the current user
nist.nvd.setup.apikey --self abcd1234
// Display the API key scope of the current key
nist.nvd.setup.apikey --show-scope
// Display the current API key.
nist.nvd.setup.apikey --show-apikey
// Remove the current global API key.
nist.nvd.setup.apikey --remove
// Remove the per-user API key for the current user.
nist.nvd.setup.apikey --self --remove
Usage: nist.nvd.setup.apikey [options] <apikey>
Options:
--help : Display the command usage.
--self : Set or remove the key as a user variable. If not used, the key is set globally.
--show-scope : Display the API key scope in use (global vs self).
--show-apikey : Display the API key value (requires admin perms or a "self" scope key).
--remove : Remove the configured API key. May be used with --self.
Arguments:
[apikey] : The API key string.
Storm Modules
This package does not export any Storm APIs.