Missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script.

assubramania — Fri, 25 Oct 2024 03:19:39 GMT

Hi Team, The standard customer, where there is missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script (CV Reputation).The results are in the attached playground data, but they're not reflected in the indicator sample. Please refer the screenshot.

What has been done:

Non- working:
Integration: Nist NVD (Community Contribution)
Command: ! nvd-search-cve cve="CVE-2024-10198"In the war room we see the desired metric in context data but no context data metric populated in indicator sample.

Working:
Integration: Recorded Future v2 (Partner Contribution)
Command:!cve cve="CVE-2024-10198"Were we could see the metric in war room and the indicator sample.

Any suggestion urgently.

Re: Missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script.

AbelSantamarina — Wed, 30 Oct 2024 15:43:31 GMT

@assubramania, this happens because the NVD command !nvd-search-cve is not a reputation command but rather a CVE lookup command. One way to map the metrics output from the command !nvd-search-cve to your CVE type indicator is to create an indicator field of type Grid, containing all the columns that are part of the metrics result (see screenshot), associate it to the CVE indicator type, and then set the grid with the values from that output in a different task in your playbook. To populate the grid you can use the automation attached (SetGridField4Indicator). Lastly, in order to display the new field in your CVE indicator layout, you need to edit the layout to include it (see screenshots "CVE Indicator layout.png" and "CVE Indicator View.png")

This is the syntax to use the command attached:

!SetGridField4Indicator grid_id=cvemetrics columns="CVSS Vector String,CVSS Integrity Impact,CVSS Scope,CVSS Attack Complexity,CVSS User Interaction,CVSS Confidentiality Impact,CVSS Attack Vector,CVSS Privileges Required,CVSS Base Score,Exploitability Score,Impact Score,CVSS Availability Impact,CVSS Base Severity" context_path=NistNVD.CVESearch.metrics indicator=CVE-2024-10154

Let me know if you have any questions.

topic Re: Missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script. in Cortex XSOAR Discussions

Missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script.

Re: Missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script.