vFeed technology helps in validating network related data with known vulnerability "Indicators Of Comprise"(IOCs). The required threat intel information is readily available within it's vulnerability and threat intelligence database and multi-formats feeds. vFeeds are focused 100% to empower customers technology, treat intelligence solutions, protect vulnerable and sensitive systems and enables it's clients to rapidly detect and react against cyber-attacks.
vFeed worldwide client base comprises of a wide and diverse range of individuals and businesses from hackers, consultancy firms, CERTs and freelancers to governmental organizations, software companies and intelligence providers.
Details of the functions that can be used with the vFeed Professional lookup plugin are given in this section.
- keyword_to_cve
- get_targets
- get_cwe
- get_capec
- get_category
- get_wasc
- get_advisory
- get_rules
- get_exploits
- get_information
- get_references
- get_remote_inspection_signatures
- get_local_inspection_signatures
- get_cvss2_score
- get_cvss3_score
- get_cvss_score
In all the functions explained below, the examples use an event store named testingintegrations.
This event store does not exist in DNIF by default. However, it can be created/imported.
Returns a list of CVEs whose description matches the input description
- A keyword that matches a CVE
_fetch $Keyword from testingintegrations limit 1
>>_lookup vfeed-pro keyword_to_cve $Keyword
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $Keyword | The keyword to search for in CVE database |
| $CVE | CVE that matched the given keyword |
| $CVEDatePublished | The date the CVE was first published |
| $CVEDateModified | The date the CVE was last modified |
| $CVESummary | Summary of the CVE that matched the given keyword |
Returns information about the targets that are affected by the given CVE's vulnerability.
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_targets $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFTargetsTitle | The title given to the target |
| $VFcpe2.2 | The respective CPE2.2 ID |
| $VFcpe2.3 | The respective CPE2.3 ID |
Returns CWE (Common Weakness Enumeration) information that matches the given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_cwe $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFCWEid | A CWE ID that matches the given CVE |
| $VFCWEclass | The family or class that the weakness belongs to |
| $VFCWEtitle | The title given to the current CWE |
| $VFCWErelations | List of other CWEs that are related that the current CWE |
| $VFCWEurl | The Mitre URL for the current CWE |
Returns CAPEC information that matches the given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_capec $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFCweID | A CWE ID that matches the given CVE |
| $VFCapecID | A CAPEC ID that matches the current CWE ID |
| $VFCapecTitle | The title given the the CAPEC record |
| $VFCapecAttackMethods | List of attack methods related to the CAPEC ID |
| $VFCapecMitigations | List of mitigations related to the CAPEC ID |
| $VFCapecURL | The Mitre URL for the CAPEC ID |
Returns CWE Weaknesses Category details (as Top 2011, CERT C++, Top 25, OWASP ....) for each CWE matched to the given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_category $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFCweID | CWE linked with the given CVE |
| $VFCategoryID | Category ID for the given CWE |
| $VFCategoryTitle | Category Titles for the given CWE |
| $VFCategoryURL | Category URL for more information on the given CWE |
| $VFCWEinRelations | True or false depending on whether the given CWE is in relation to the category |
Returns Web Application Consortium details for each CWE linked to the given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_wasc $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFCweID | CWE linked with the given CVE |
| $VFWascID | CWE linked to the given CVE |
| $VFWascTitle | CWE linked to the given CVE |
| $VFWascID | CWE linked to the given CVE |
Returns bulletins and advisory data for the given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_advisory $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFSource | The name of the source that provided the bulletin |
| $VFPreventiveBulletinClass | The class this bulletin falls under |
| $VFPreventiveBulletinID | The ID of the bulletin given by the source |
| $VFPreventiveBulletinURL | The URL of the bulletin |
Returns IPS and IDS signatures for the given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_rules $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFSource | The name of the source that provided the information |
| $VFDetectiveRulesClass | The class this rule / signature information falls under |
| $VFDetectiveRulesID | The ID of the rule / signature given by the source |
| $VFDetectiveRulesTitle | The title of the rule / signature |
| $VFDetectiveRulesURL | The URL of the rule / signature |
Returns exploits and PoC signatures for the given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_exploits $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFSource | The name of the source that provided the information |
| $VFExploitsID | The ID of the exploit given by the source |
| $VFExploitsTitle | The title of the exploit |
| $VFExploitsFile | The file resource related to the exploit |
| $VFExploitsURL | The URL of the exploit |
Returns information for a given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_information $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $CVEDateModified | The date the CVE was last modified |
| $CVEDatePublished | The date the CVE was first published |
| $CVESummary | A summary of the CVE |
Returns vulnerability references for a given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_references $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $CVEReferenceVendor | The vendor linked to the reference |
| $CVEURL | The URL provided for the reference |
Returns remote scanner signatures for a given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_remote_inspection_signatures $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFSource | The name of the source that provided the signature information |
| $VFSignatureID | The ID of the signature given by the source |
| $VFSignatureName | The name given to the signature |
| $VFSignatureFamily | The family the signature belongs to |
| $VFSignatureURL | The URL of the signature |
| $VFSignatureFile | The file resource related to the signature |
Returns local scanner signatures for a given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_local_inspection_signatures $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFSource | The name of the source that provided the signature information |
| $VFSignatureID | The ID of the signature given by the source |
| $VFSignatureName | The name given to the signature |
| $VFSignatureFamily | The family the signature belongs to |
| $VFSignatureURL | The URL of the signature |
| $VFSignatureFile | The file resource related to the signature |
Returns the CVSS 2 Scores for a given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_cvss2_score $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFCVSS2AccessComplexity | The complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system |
| $VFCVSS2AccessVector | The vector reflecting how the vulnerability is exploited |
| $VFCVSS2Authentication | The number of times an attacker must authenticate to a target in order to exploit a vulnerability |
| $VFCVSS2AvailabilityImpact | The impact to availability of a successfully exploited vulnerability |
| $VFCVSS2Base | The CVSS2 Base metric score |
| $VFCVSS2ConfidentialityImpact | The impact on confidentiality of a successfully exploited vulnerability |
| $VFCVSS2Impact | The CVSS2 Impact metric score |
| $VFCVSS2Exploit | The CVSS2 Exploit metric score |
| $VFCVSS2IntegrityImpact | The impact to integrity of a successfully exploited vulnerability |
| $VFCVSS2Vector | An abbreviated list of CVSS2 vector metric names |
Returns the CVSS 3 Scores for a given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_cvss3_score $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFCVSS3AccessComplexity | The complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system |
| $VFCVSS3AccessVector | The vector reflecting how the vulnerability is exploited |
| $VFCVSS3Authentication | The number of times an attacker must authenticate to a target in order to exploit a vulnerability |
| $VFCVSS3AvailabilityImpact | The impact to availability of a successfully exploited vulnerability |
| $VFCVSS3Base | The CVSS3 Base metric score |
| $VFCVSS3ConfidentialityImpact | The impact on confidentiality of a successfully exploited vulnerability |
| $VFCVSS3Impact | The CVSS3 Impact metric score |
| $VFCVSS3Exploit | The CVSS3 Exploit metric score |
| $VFCVSS3IntegrityImpact | The impact to integrity of a successfully exploited vulnerability |
| $VFCVSS3Vector | An abbreviated list of CVSS3 vector metric names |
Returns both the CVSS 2 and CVSS 3 scores for a given CVE
- CVE ID
_fetch $CVE from testingintegrations limit 1
>>_lookup vfeed-pro get_cvss_score $CVE
Click here to view the output of the above example.
The output of the lookup call has the following structure (for the available data):
| Field | Description |
|---|---|
| $CVE | CVE being queried |
| $VFCVSS2AccessComplexity | The complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system |
| $VFCVSS2AccessVector | The vector reflecting how the vulnerability is exploited |
| $VFCVSS2Authentication | The number of times an attacker must authenticate to a target in order to exploit a vulnerability |
| $VFCVSS2AvailabilityImpact | The impact to availability of a successfully exploited vulnerability |
| $VFCVSS2Base | The CVSS2 Base metric score |
| $VFCVSS2ConfidentialityImpact | The impact on confidentiality of a successfully exploited vulnerability |
| $VFCVSS2Impact | The CVSS2 Impact metric score |
| $VFCVSS2Exploit | The CVSS2 Exploit metric score |
| $VFCVSS2IntegrityImpact | The impact to integrity of a successfully exploited vulnerability |
| $VFCVSS2Vector | An abbreviated list of CVSS2 vector metric names |
| $VFCVSS3AccessComplexity | The complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system |
| $VFCVSS3AccessVector | The vector reflecting how the vulnerability is exploited |
| $VFCVSS3Authentication | The number of times an attacker must authenticate to a target in order to exploit a vulnerability |
| $VFCVSS3AvailabilityImpact | The impact to availability of a successfully exploited vulnerability |
| $VFCVSS3Base | The CVSS3 Base metric score |
| $VFCVSS3ConfidentialityImpact | The impact on confidentiality of a successfully exploited vulnerability |
| $VFCVSS3Impact | The CVSS3 Impact metric score |
| $VFCVSS3Exploit | The CVSS3 Exploit metric score |
| $VFCVSS3IntegrityImpact | The impact to integrity of a successfully exploited vulnerability |
| $VFCVSS3Vector | An abbreviated list of CVSS3 vector metric names |
The vFeed Professional CVE Database can be found on the vFeed website at
$cd /dnif/CnxxxxxxxxxxxxV8/lookup_plugins/
git clone https://github.com/dnif/lookup-vfeed-pro.git vfeed-pro
Replace the tags: <Add_your_access_key_here> with your vFeed Professional access key, <Add_your_plan_name_here> with your vFeed Professional
plan name, and <Add_your_secret_key_here> with your vFeed Professional secret key.
lookup_plugin:
VF_ACCESS_KEY: <Add_your_access_key_here>
VF_LAST_DB_UPDATE:
VF_PLAN: <Add_your_plan_name_here>
VF_SECRET_KEY: <Add_your_secret_key_here>