This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script.

assubramania
L2 Linker

‎10-24-2024 08:15 PM - edited ‎10-24-2024 08:19 PM

Hi Team, The standard customer, where there is missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script (CV Reputation).The results are in the attached playground data, but they're not reflected in the indicator sample. Please refer the screenshot.
 
What has been done:
 
Non- working:
Integration: Nist NVD (Community Contribution)
Command: ! nvd-search-cve cve="CVE-2024-10198"In the war room we see the desired metric in context data but no context data metric populated in indicator sample.
 
Working:
Integration: Recorded Future v2 (Partner Contribution)
Command:!cve cve="CVE-2024-10198"Were we could see the metric in war room and the indicator sample.
 
Any suggestion urgently.
Preview file
43 KB
Preview file
74 KB
Preview file
60 KB
0 Likes Likes
1 REPLY 1

AbelSantamarina
L3 Networker

‎10-30-2024 08:43 AM

@assubramania, this happens because the NVD command !nvd-search-cve is not a reputation command but rather a CVE lookup command. One way to map the metrics output from the command !nvd-search-cve to your CVE type indicator is to create an indicator field of type Grid, containing all the columns that are part of the metrics result (see screenshot), associate it to the CVE indicator type, and then set the grid with the values from that output in a different task in your playbook. To populate the grid you can use the automation attached (SetGridField4Indicator). Lastly, in order to display the new field in your CVE indicator layout, you need to edit the layout to include it (see screenshots "CVE Indicator layout.png" and "CVE Indicator View.png")

This is the syntax to use the command attached:

!SetGridField4Indicator grid_id=cvemetrics columns="CVSS Vector String,CVSS Integrity Impact,CVSS Scope,CVSS Attack Complexity,CVSS User Interaction,CVSS Confidentiality Impact,CVSS Attack Vector,CVSS Privileges Required,CVSS Base Score,Exploitability Score,Impact Score,CVSS Availability Impact,CVSS Base Severity" context_path=NistNVD.CVESearch.metrics indicator=CVE-2024-10154
 
Let me know if you have any questions.




Preview file
43 KB
SetGridField4Indicator.zip
Preview file
198 KB
Preview file
203 KB
(1)
  • 495 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks