Risk Based Security VulnDB
Risk Based Security (RBS) provides detailed information and analysis on Vulnerability Intelligence, Data Breaches, and Vendor Risk Ratings. Our products, VulnDB and Cyber Risk Analytics (CRA), provide organizations access to the most comprehensive vulnerability and vendor risk knowledge bases available, including advanced search capabilities, access to raw data via RESTful API, and email alerting to assist organizations in taking the right actions in a timely manner.
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that developers use to build applications. A subscription to VulnDB provides organizations with simple to understand ratings and metrics on both vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership.
Last updated: February 2019
Solution summary
When a new vulnerability is disclosed, organizations need to know if and where they are impacted without having to do a vulnerability scan of their environment. VulnDB contains over 65,000 additional vulnerabilities not found in the frequently relied-upon Common Vulnerabilities and Exposures (CVE) database and a much higher degree of information for each vulnerability, providing the richest, most complete vulnerability intelligence available. VulnDB helps customers better address points of risk across their organization – from application development and IT infrastructure management to security operations, vendor risk management, and procurement.
Instead of relying on legacy vulnerability scanning, the VulnDB integration with Archer allows organizations to easily map vulnerability data to the assets and vendors in their environment and quickly identify if a newly disclosed vulnerability will impact them. Armed with this insight, organizations can efficiently prioritize and plan remediation activities, and also quickly identify relevant vulnerability data during security incident response activities.
Benefits
- Access to a richer and more timely pool of vulnerability intelligence than is available from CVE/NVD and other sources.
- Insight into vulnerabilities that could pose risk to an organization without the need for an additional vulnerability scan.
- Ability to more effectively and efficiently prioritize vulnerabilities to be remediated.
Partner Integration Overview | |
---|---|
Archer Solution | IT Security Vulnerabilities Program |
Archer Use Case | IT Security Risk Management |
Archer Applications | Vulnerability Library |
Uses Custom Application | No |
Requires On-Demand License | No |
Prerequisites
A subscription to VulnDB with the API access feature is required to use the VulnDB Data Feed for Archer ITSVP.
In addition, the Archer Vulnerability Library application is required for installation and operation of the VulnDB Data Feed for the Archer IT Security Vulnerabilities Program use case. This application is the target for the data feed from VulnDB.
Partner product configuration
Before you begin
This section provides instructions for configuring the VulnDB Data Feed for the Archer IT Security Vulnerabilities Program use case. This document is not intended to suggest optimum installations or configurations.
It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components.
All VulnDB components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding.
Important: The integration described in this guide is being provided as a reference implementation for evaluation and testing purposes. It may or may not meet the needs and use cases for your organization. If additional customizations or enhancements are needed, it is recommended that customers contact Archer Help for assistance.
VulnDB and VulnDB XML Utility for Archer configuration
Data is retrieved from VulnDB and made available for import into Archer by a Python script (the “VulnDB XML Utility for Archer”). The script implements the following functionality:
- Fetches vulnerabilities from the VulnDB API periodically and incrementally. When the script begins to run, the entire vulnerability history from VulnDB is downloaded into a set of XML files. This process can take several hours to complete. After the initial download, the utility periodically fetches new and updated vulnerabilities from VulnDB and stores those in additional XML files.
- Provides a configuration file in which VulnDB access credentials, XML file destination location, and data update intervals are specified, among other things.
The following steps must be taken to configure the VulnDB XML Utility for Archer and make data available for import into Archer using the Data Feed Manager:
- Create VulnDB API access credentials following the instructions in the VulnDB Portal Guide. Download the “VulnDB XML Utility for Archer” from the RBS Support portal at https://riskbased.zendesk.com/hc/en-us/articles/360017443074.
- Follow the instructions in the README.md file in the download package to install and configure the VulnDB XML Utility for Archer. The XML file destination location must be accessible by the Archer instance. The destination must also be a subdirectory of the Home Directory specified for the Archer instance in the Data File Management section of the Data Feed settings in the Archer Control Panel.
Note: Be sure to change the show_cvss_v3 and package_info parameters to True if those data elements are of interest to your organization.
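A pre-flight check for the destination requirement above, as an added example that is not part of the RBS utility or of Archer: it confirms that the XML destination resolves to a subdirectory of the Home Directory and that each *.xml file parses before the data feed is pointed at it. The directory names, file names and XML element names are constructed for the demonstration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def is_within_home(dest: Path, home: Path) -> bool:
    """True only if dest resolves (symlinks and '..' included) to a strict subdirectory of home."""
    dest_r, home_r = dest.resolve(), home.resolve()
    return dest_r != home_r and home_r in dest_r.parents


def preflight(dest: Path, home: Path) -> dict:
    """Check the utility's XML destination before the Archer data feed reads from it."""
    report = {"within_home": is_within_home(dest, home), "ok": [], "bad": []}
    for xml_file in sorted(dest.glob("*.xml")):    # same *.xml pattern the feed path uses
        try:
            # Well-formedness only; no schema is assumed. The files are assumed
            # to be written solely by the local utility, not by untrusted parties.
            ET.parse(xml_file)
            report["ok"].append(xml_file.name)
        except ET.ParseError:
            report["bad"].append(xml_file.name)    # e.g. a file still being written
    return report


def demo() -> dict:
    """Run the check on a constructed directory tree with constructed XML files."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "archer_home"           # hypothetical Home Directory
        dest = home / "vulndb_xml"                 # hypothetical utility destination
        dest.mkdir(parents=True)
        (dest / "batch_0001.xml").write_text(
            "<vulnerabilities><vulnerability/></vulnerabilities>")
        (dest / "batch_0002.xml").write_text(
            "<vulnerabilities><vulnerability>")    # truncated on purpose
        report = preflight(dest, home)
        # A destination beside the Home Directory, or the Home Directory itself, fails.
        report["outside"] = is_within_home(Path(tmp) / "elsewhere", home)
        report["home_itself"] = is_within_home(home, home)
        return report


if __name__ == "__main__":
    print(demo())
```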
Archer configuration
Prerequisites
Components | Recommended Software |
---|---|
Archer | Archer 6.4 SP1 or later |
Archer Applications | Vulnerability Library (Archer IT Security Vulnerabilities Program use case) |
Also, download the following component from the Archer Exchange:
File Name | Description |
---|---|
VulnDB.dfx5 | Data feed to import information from Risk Based Security’s VulnDB vulnerability intelligence feed |
Configuration overview
A variety of customizations to the Vulnerability Library application are required to support the VulnDB Data Feed for Archer ITSVP. First, Sub-Forms are created to organize the custom fields needed to house the VulnDB data, then the actual data fields are created in the Vulnerability Library application, and the layout of the fields on the application form is configured. Finally, the actual feed is configured to consume the VulnDB data and store it in the fields created.
Creating custom sub-forms and associated fields
Note: 8 Custom Sub-Forms are required.
- Within Archer, navigate to Application Builder > Sub-Forms.
- Click Add New to create a new Sub-Form.
- Select Create a new Sub-Form from scratch.
- Enter “VulnDB Affected Products” as the name of the form and click OK.
- On the Fields tab of the form that opens, select Add New.
- Select Create a new field from scratch, choose Text as the type, and click OK.
- Enter “CPE” for the Name of the field and click Save.
- Repeat adding fields per the table below to create all eight Sub-Forms and the associated custom Fields.
Note: Fields of type “Date” should be specified as Text Box – Date and Time in the Display Control section of the Options tab when creating those fields.
Table 1: Custom VulnDB sub-forms and associated fields
Sub-Form | Field Name / Type |
---|---|
VulnDB Affected Products | CPE / Text; Product Name / Text; Vendor Name / Text; Version / Text; VulnDB Product ID / Numeric; VulnDB Vendor ID / Numeric; VulnDB Version ID / Numeric |
VulnDB Classifications | Description / Text; ID / Numeric; Long Name / Text; Name / Text |
VulnDB Credits | Name / Text |
VulnDB CVSSv2 Metrics | Access Complexity / Text; Access Vector / Text; Authentication / Text; Availability Impact / Text; Calculated Base Score / Numeric; Confidentiality Impact / Text; CVE ID / Text; Generated On / Date; ID / Numeric; Integrity Impact / Text; Score / Numeric; Source / Text |
VulnDB CVSSv3 Metrics | Attack Complexity / Text; Attack Vector / Text; Availability Impact / Text; Calculated Base Score / Numeric; Confidentiality Impact / Text; CVE ID / Text; Generated On / Date; ID / Numeric; Integrity Impact / Text; Privileges Required / Text; Scope / Text; Score / Numeric; Source / Text; User Interaction / Text |
VulnDB Non-Affected Products | CPE / Text; Product Name / Text; Vendor Name / Text; Version / Text; VulnDB Product ID / Numeric; VulnDB Vendor ID / Numeric; VulnDB Version ID / Numeric |
VulnDB Package Data | Operator / Text; OS / Text; OS Architecture / Text; OS Version / Text; Package File Name / Text; Package Name / Text; Package Version / Text |
VulnDB References | Type / Text; Value / Text |
Creating other custom fields
- Within Archer, navigate to Application Builder > Applications.
- Click Vulnerability Library.
- Click the Fields tab.
- Add custom fields corresponding to the Sub-Forms created previously. For each field, set the type to “Sub-Form”, specify the corresponding Sub-Form on the General tab, and add the display fields and sort order on the Options tab.
Table 2: Custom vulnerability library sub-form fields
Field Name | Type | Display Fields | Sort Order |
---|---|---|---|
VulnDB Affected Products | Sub-Form | | |
VulnDB Classifications | Sub-Form | | |
VulnDB Credits | Sub-Form | | 1. Name - Ascending |
VulnDB CVSSv2 Data | Sub-Form | | |
VulnDB CVSSv3 Data | Sub-Form | | |
VulnDB Non-Affected Products | Sub-Form | | |
VulnDB Package Data | Sub-Form | | |
VulnDB References | Sub-Form | | As desired |
Add the following custom fields with the indicated types. Again, note that fields of type “Date” should be specified as Text Box – Date and Time in the Display Control section of the Options tab when creating those fields.
Table 3: Custom vulnerability library fields – other
Field Name | Type |
---|---|
VulnDB Disclosure Date | Date |
VulnDB Discovery Date | Date |
VulnDB Exploit Publish Date | Date |
VulnDB Keywords | Text |
VulnDB Last Modified Date | Date |
VulnDB Publish Date | Date |
VulnDB Solution Date | Date |
VulnDB Third Party Solution Date | Date |
VulnDB Vendor Ack Date | Date |
VulnDB Vendor Inform Date | Date |
Configuring the layout
Before the VulnDB-specific fields can be displayed in Archer, they need to be added to the Vulnerability Library application layout.
- Within Archer, navigate to Application Builder > Applications.
- Click Vulnerability Library.
- Click the Layout tab.
- Click the New tab on the Default Tab Set section and enter VulnDB for the name where prompted.
- Add a section called “Vulnerability Timeline” by clicking Add New Layout Object, dragging Add Section to the VulnDB tab, and entering the name when prompted.
- Add a section called “Other VulnDB Information” by clicking Add New Layout Object, dragging Add Section to the VulnDB tab, and entering the name when prompted.
- Drag the various VulnDB Sub-Form fields onto the VulnDB tab as shown in Figure 1 below.
- Drag the remaining VulnDB custom fields into the appropriate section on the VulnDB tab as shown in Figure 1 below.
- Arrange the Sub-Forms and Sections as shown in Figure 1.
Figure 1: VulnDB tab layout
Import the data feed file
You will need to import and configure the VulnDB data feed file downloaded earlier. To import the feed file, perform the following steps:
- In Archer, go to Integration > Data Feeds. Under Manage Data Feeds, import the VulnDB.dfx5 file downloaded earlier.
- Update the following settings on the General Information tab:

  Field | Value |
  ---|---|
  Status | Active |
  Target | Vulnerability Library |
  User Name | userArcherDataFeedService (or other Archer account) |

- Update the following settings on the Transport tab:
  - Set the Transport Method to “File Transporter”.
  - Set the Path to “VulnDBXMLFilePath”\*.xml, where “VulnDBXMLFilePath” is the folder or share in which the VulnDB Utility script is configured to store XML files. See the “VulnDB and VulnDB Utility Configuration” section earlier in this document for more information.
  - Under Post-Processing > On Success: select “Rename”, and enter the following for the Destination Filename: {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}
- On the Navigation tab, make sure “XML File Iterator” is selected as the Navigation Method.
- Review the mappings on the Data Map tab. Consult Appendix A for more information on the predefined and recommended field mappings, including the key field definition.
- On the Schedule tab:
  - Notice that the default is set to once a day.
  - Make any changes to the schedule that you’d like.
  - Click Start to pull in content immediately (optional).
- Save the feed.
Certification environment
Date tested: February 2019
Product Name | Version Information | Operating System |
---|---|---|
Archer | 6.5 | Virtual Appliance |
VulnDB | | |