Missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script.

L2 Linker
Hi Team, The standard customer, where there is missing context in indicator preview. I executed an NVD reputation command on CVE via a custom script (CV Reputation).The results are in the attached playground data, but they're not reflected in the indicator sample. Please refer the screenshot.
 
What has been done:
 
Non- working:
Integration: Nist NVD (Community Contribution)
Command: ! nvd-search-cve cve="CVE-2024-10198"In the war room we see the desired metric in context data but no context data metric populated in indicator sample.
 
Working:
Integration: Recorded Future v2 (Partner Contribution)
Command:!cve cve="CVE-2024-10198"Were we could see the metric in war room and the indicator sample.
 
Any suggestion urgently.
1 REPLY 1

L3 Networker

@assubramania, this happens because the NVD command !nvd-search-cve is not a reputation command but rather a CVE lookup command. One way to map the metrics output from the command !nvd-search-cve to your CVE type indicator is to create an indicator field of type Grid, containing all the columns that are part of the metrics result (see screenshot), associate it to the CVE indicator type, and then set the grid with the values from that output in a different task in your playbook. To populate the grid you can use the automation attached (SetGridField4Indicator). Lastly, in order to display the new field in your CVE indicator layout, you need to edit the layout to include it (see screenshots "CVE Indicator layout.png" and "CVE Indicator View.png")

This is the syntax to use the command attached:

!SetGridField4Indicator grid_id=cvemetrics columns="CVSS Vector String,CVSS Integrity Impact,CVSS Scope,CVSS Attack Complexity,CVSS User Interaction,CVSS Confidentiality Impact,CVSS Attack Vector,CVSS Privileges Required,CVSS Base Score,Exploitability Score,Impact Score,CVSS Availability Impact,CVSS Base Severity" context_path=NistNVD.CVESearch.metrics indicator=CVE-2024-10154
 
Let me know if you have any questions.




  • 498 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!