Skip to content

Latest commit

 

History

History
125 lines (94 loc) · 3.88 KB

README.md

File metadata and controls

125 lines (94 loc) · 3.88 KB
Raw

Searches for CVE information using circl.lu.

Configure CIRCL CVE Search on Cortex XSOAR

  1. Navigate to Settings > Integrations > Data Enrichment & Threat Intelligence.

  2. Search for CIRCL.

  3. Click Add instance to create and configure a new integration instance.

    Parameter Required
    Server URL True
    Use system proxy settings False
    Trust any certificate (not secure) False

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

cve-latest

Returns the latest updated CVEs.

Base Command

cve-latest

Input

Argument Name Description Required
limit The maximum number of CVEs to display. Optional

Context Output

Path Type Description
CVE.ID String The ID of the CVE.
CVE.CVSS Number The CVSS score of the CVE.
CVE.Published Date The date the CVE was published.
CVE.Modified Date The date that the CVE was last modified.
CVE.Description String The description of the CVE.
DBotScore.Indicator String The indicator value.
DBotScore.Score Number The indicator score.
DBotScore.Type String The indicator type.
DBotScore.Vendor String The vendor reporting the score of the indicator.
Human Readable Output
CVSS The CVE CVSS Score
Description CVE Description
ID CVE ID
Modified The date the CVE was modified
Published The date the CVE was published

cve

Returns CVE information by CVE ID.

Base Command

cve

Input

Argument Name Description Required
cve A comma-separated list of CVE IDs to search Required

Context Output

Path Type Description
CVE.ID String The ID of the CVE.
CVE.CVSS.Score Number The CVSS score of the CVE.
CVE.CVSS.Vector String The CVSS vector of the CVE.
CVE.CVSS.Table Dict The CVSS table of the CVE.
CVE.Published Date The date the CVE was published.
CVE.Modified Date The date that the CVE was last modified.
CVE.Description String The description of the CVE.
CVE.vulnerableconfigurations Dict Vulnerable configurations in CPE format
CVE.vulnerableproduct Dict Vulnerable products in CPE format
CVE.Tags List A list of tags
CVE.Relationships List List of relationships for the CVE
DBotScore.Indicator String The indicator value.
DBotScore.Score Number The indicator score.
DBotScore.Type String The indicator type.
DBotScore.Vendor String The vendor reporting the score of the indicator.
Command Example

!cve cve=CVE-2014-1234

Context Example
{
    "CVE": [
        {
            "ID": "CVE-2014-1234",
            "Published": "2014-01-10T12:02:00",
            "CVSS": 2.1,
            "Modified": "2014-01-10T17:57:00",
            "Description": "The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process."
        }
    ]
}
Human Readable Output
CVSS 4.3
Description XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.
ID CVE-2022-1234
Modified 2022-04-13T15:03:00
Published 2022-04-06T04:15:00