This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Issue | "Nist NVD" Integration is not working

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Issue | "Nist NVD" Integration is not working

Elad1Goldenberg
L0 Member

‎11-07-2021 03:12 AM

Hi,

 

We have an issue with "Nist NVD" integration.
When I click the command "!Nvd-search-keyword" we are getting the following message:

"{" message ":" Both modStartDate and modEndDate are required when either is present. "}"

 

The integration was published by: "Murat Ozfidan" and supported by "Community".

Does anyone have an issue and can help?

 

Thanks,

Elad

0 Likes Likes
3 REPLIES 3

MOzfidan
L0 Member

‎11-07-2021 05:58 AM

I found the cause of this error:

NVD has implemented API_Key. Until I upgrade integration you have to follow the limits or you can copy integration and change code, add api_key value to connection method. 

Code:

 

def connection(url, additional_parameters):

    headers = {'Accept': 'application/json'}
    #add "+ '&apiKey=' + YOUR_API_KEY" following row
    endpoint = url + additional_parameters + '&apiKey=' + YOUR_API_KEY
    req = requests.get(endpoint, headers=headers, verify=VERIFY_SSL)
    if req.status_code != 200:
        return_results(req.content)
        sys.exit(1)
    else:
        return req.json()

 

 

source: https://nvd.nist.gov/general/news/API-Key-Announcement

Best practices for using the NVD API:

The best practice for making requests within either rate limit is to use the modified date parameters. No more than once every two hours, automated requests should include a range where modStartDate equals the time of the last response received and modEndDate equals the current time. Enterprise scale development should enforce this approach through a single requestor to ensure all users are in sync and have the latest CVE and CPE information. It is also recommended that users "sleep" their scripts for six seconds between requests.

0 Likes Likes

Elad1Goldenberg
L0 Member
In response to MOzfidan

‎11-08-2021 02:40 AM

Hi  MOzfidan,

 

Thanks for the help.
I added the code to the integration but I still get the error:
"{"message": "Both modStartDate and modEndDate are required when either is present."}"

 

Please advise.

 

Thanks,

Elad

 
0 Likes Likes

MOzfidan
L0 Member

‎11-11-2021 03:06 AM

Hi Elad,

 

I resolved this issue.

I made a few changes in keyword_search function.

Finally, The yaml file is attached.

 

 

 

def keywordSearch():

    base_url = urljoin(demisto.params()['url'], '/rest/json/cves/1.0')
    keyword = demisto.args().get('keyword')
    isExactMatch = demisto.args().get('isExactMatch')
    time = int(demisto.args().get('time'))
    last_time = datetime.today() - timedelta(hours=int(time))
    start_date = last_time.strftime('%Y-%m-%dT%H:%M:%S:000')
    modEndDate_date =   datetime.today()
    modEndDate= modEndDate_date.strftime('%Y-%m-%dT%H:%M:%S:000')
    startIndex = demisto.args().get('startIndex')
    resultsPerPage = demisto.args().get('resultsPerPage')
    additional_parameters = '?modStartDate=' + start_date + ' UTC-00:00' + '&modEndDate=' + modEndDate + ' UTC-00:00' + '&keyword=' + keyword + \
        '&isExactMatch=' + isExactMatch + '&startIndex=' + str(startIndex) + '&resultsPerPage=' + str(resultsPerPage)
    generalSearchRequest = connection(base_url, additional_parameters)
    generalVulnerabilityList = extractVulnDetails(generalSearchRequest)

    headers = ['CVE ID', 'Description', 'Published Date', 'Last Modified Date', 'References']
    markdown = 'Keyword Search\n'
    markdown += tableToMarkdown('Vulnerabilities', generalVulnerabilityList, headers=headers, removeNull=True)

    results = CommandResults(
        readable_output=markdown,
        outputs_prefix='NistNVD.KeywordSearch',
        outputs_key_field='CVE ID',
        outputs=generalVulnerabilityList
    )

    return_results(results)

 

 

MOzfidan_0-1636628352314.png

 

MOzfidan_1-1636628398270.png

 

 

 

 

Nist_NVD_copy.yml.zip
0 Likes Likes
  • 4306 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks