Using the Connector.file.properties File

The connector.file.properties file maintains monitoring folder, server queue size, filter, and auto downloading of CPE, CVE, and CWE. The following show how these properties can be edited.

Monitor Folder

By default the folder_monitor_folder is located in <INSTALL_FOLDER>/Agiliance/NVD Connector/data. However, this location can be changed. GS: Is this the only way the user can edit the Monitor Folder setting?

To edit the monitor folder's location:

  1. Open the connector.file.properties file with a text editor.

  2. Change the following setting as desired:

    • folder_monitor_folder = <New_Folder_Path>

  3. Reset the connector for changes to take effect.

Queue Size

By default, the NVD connector will not send an import request to the server until the queue size is over twenty. This number can be changed.

To edit the queue size:

  1. Open the connector.file.properties file with a text editor.

  2. Change the following setting as desired:
    • server_queue_size = 20

  3. Reset the connector for changes to take effect.

Filter

By default, the filter xml file will be installed in <INSTALL_FOLDER>/Agiliance/NVD Connector/filter. All files from the NVD connector will be stored in this location before being processed. To change this location, move the xml file to the desired location. Reset the connector for changes to take effect.

Automatic Download of CPE, CVE & CWE Files

GS: Why would a user want to automatically download this information? The original documentation didn't say.

To enable the automatic download of CPE, CVE, and CWE files:

  1. Open the connector.file.properties file with a text editor.

  2. Optional: To automatically download the CPE, CVE, or CWE files, uncomment the following line:

    • file_listeners=com.agiliance.connector.nvd.CveListener com.agiliance.connector.nvd.CpeListener com.agiliance.connector.nvd.CweListener

  3. Optional: To only download one of the above files, uncomment the following line: GS: Can they only download CPE files, or can they choose any file type to download?

    • file_listeners= com.agiliance.connector.nvd.CpeListener

  4. Set the following lines as desired:

    • autoFeedOption=<CPE,CWE,CVE>

    • NvdCveUrl=[YYYY].xml" class="external-link" rel="nofollow">[YYYY].xml" class="external-link" rel="nofollow">http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-[YYYY].xml

    • NvdCpeUrl=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml

    • NvdCweUrl=http://cwe.mitre.org/data/xml/cwec_v2.5.xml.zip

    • fromYear=<YYYY>

    • toYear=<YYYY>

  5. Reset the connector for changes to take effect.

CVE Download Interval

The NVD connector can be configured to download CVE files at a rate of every two hours. Because the connector is not capable of auto-identifying newly added CVEs in NVD websites and processes unless it reaches the next download interval, two hours is considered the optimal interval time.

To change the CVE download interval:

  1. Open the connector.file.properties file with a text editor.

  2. Change the following setting as shown:
    • updatePeriod = 7200000

  3. Reset the connector for changes to take effect.