Add intel module to sync CVE data from NIST #794
This is very interesting. Aside, the lack of a cleanup job is concerning, and we'll need to carefully consider the possibility of the graph growing too large too quickly.
Well, for this there's an upper bound on growth. Nodes are only added if
there are new CVEs. Also, there's no cleanup because CVEs are never deleted
from the source.
…On Thu, Apr 7, 2022, 1:49 AM Ramon Petgrave ***@***.***> wrote:
This is very interesting.
Aside, the lack of a cleanup job is concerning, and we'll need to
carefully consider the possibility of the graph growing too large too
quickly.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Not stale
Can you please update 'supported platforms' under README.md too?
@achantavy done!
This change adds a CVE intel module, which syncs CVE data from the NIST JSON feeds, using the v4 JSON format feeds.
This module is a bit special, since it doesn't have a cleanup job, and it introspects the graph to determine what it needs to sync.
CVE data is generally historical and isn't deleted. The data is updated, but is updated through a feed. Historical data is grouped by year, and updates are available in special feeds that are updated daily, and contain updates for the past 8 days. The yearly data is also updated daily, but assuming the yearly data has been synced, it's only necessary to pull in the recent and modified feeds after that point.
The module syncs each year, then syncs the recent and historical data. For each type (year, recent, modified), it records the sync via SyncMetadata. Prior to syncing the yearly data, the module checks to see if the yearly data has been synced by introspecting the graph for the SyncMetadata for the yearly data. It only syncs years that have not yet been recorded. This allows the module to normally only sync the modified and recent feeds.
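The planning step described above, as an added example that is not code from this pull request: it decides which feeds to fetch from the recorded sync times. The function name, the dict standing in for SyncMetadata, and the re-pull of yearly feeds after a gap longer than the 8-day window are assumptions of this sketch, not behaviour stated in the description.

```python
from datetime import datetime, timedelta, timezone

# The recent/modified feeds cover the past 8 days (from the description above).
FEED_WINDOW = timedelta(days=8)
FIRST_FEED_YEAR = 2002  # assumption: first year with a yearly NVD feed


def plan_cve_sync(sync_metadata, now, first_year=FIRST_FEED_YEAR):
    """Return the ordered feed names to fetch on this run (hypothetical helper).

    sync_metadata maps a feed name ("2019", "recent", "modified") to the
    datetime of its last recorded sync. It stands in for the SyncMetadata
    the module reads back from the graph.
    """
    last_modified = sync_metadata.get("modified")
    plan = []
    for year in (str(y) for y in range(first_year, now.year + 1)):
        synced_at = sync_metadata.get(year)
        if synced_at is None:
            plan.append(year)  # never recorded: full yearly pull
            continue
        # The year's data is current up to the later of its own sync and the
        # last modified-feed sync (assuming every earlier run followed this
        # plan and recorded it). Past the 8-day window, updates have aged out
        # of the incremental feeds, so the yearly feed is pulled again.
        covered_until = max(synced_at, last_modified or synced_at)
        if now - covered_until > FEED_WINDOW:
            plan.append(year)
    # Incremental feeds always run, after any yearly feeds.
    return plan + ["recent", "modified"]


if __name__ == "__main__":
    now = datetime(2022, 4, 7, tzinfo=timezone.utc)  # constructed sample
    meta = {str(y): now - timedelta(days=30) for y in range(2002, 2023)}
    meta["modified"] = now - timedelta(days=1)
    print(plan_cve_sync(meta, now))
```

With no cleanup job, the recorded sync times are the only signal that the graph's CVE data has fallen behind, so a scheduler outage longer than the feed window is the case worth alerting on.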