When importing a .json file into RiskVision, the NVD Connector will populate different fields depending on which data feed the file comes from.
When Importing CVE Files
RiskVision will capture the following from the NVD website:
Description
The Current Description and Analysis Description will be uploaded to the Description field of a vulnerability's General tab.
Severity
The vulnerability's CVSS v2.0 Score tab will capture all scores from the file's CVSS Score section.
The CVSS v3 Score tab will capture all fields and values in the following sections of the .json file:
- CVSS v3 Version
- Base Score Metrics v3
- CVSS v3 Score
Hyperlinks
All related hyperlinks will be captured in the Description field of the vulnerability's Identification tab.
Resources
All related resources will be captured in the Resource field of the vulnerabilities Identification tab.
Weakness Enumeration
The .json file's CWE Name will be captured in the Weaknesses field of the vulnerability's General tab. The CWE-ID and Source will not be captured.
Known Affected Software Configurations
These will be captured in the vulnerability's Technologies tab.
When Importing CPE Files
RiskVision will capture the following from the NVD website:
CPE Names
RiskVision can only import names from version 2.2 of CPE. The following components will be captured by the General tab of a technology:
- Part
- Vendor
- Product
- Cloud-init
- Version
- Update
- Edition
- Language
Metadata
The Text title will be captured by the Full Name field in a technology's General tab, but the Locale title will not.
References
This section is not captured as they contain Change Log data.
CPE Usage
View and Associated vulnerabilities will be captured in RiskVision's Vulnerabilities tab for threats and technologies.
The connector will not capture the file's quick info such as published dates and last modified dates. |
When Importing CWE Files
While the NVD connector will import files from the CWE datafeed, it will import data from a different site than the NVD site. As of now, RiskVision will only capture Parent Of information from CWE files in the General tab of a weakness.