NVD
Connector Category: Enrichment Tool
Notice
This integration is available in Intel Exchange starting v.3.7.4.0 onwards.
Starting v3.7.5.0, the default base URL is changed to
https://services.nvd.nist.gov/rest/json/cves/2.0(previouslyhttps://nvd.nist.gov/vuln/detail). Additionally, an optional API key field is available to configure NVD.
About Integration
National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. Intel Exchange integrates with NVD to retrieve vulnerabilities and references.
Configure NVD as an Enrichment Tool
Configure NVD in Intel Exchange to enrich vulnerabilities.
Before you Start
Ensure that your user group has Create, Update, and View permissions for enrichment tools and their associated policies in Intel Exchange.
Ensure you have the base URL and the API key of your NVD account.
Steps
To configure NVD as an enrichment tool, follow these steps:
Sign in to Intel Exchange, and go to Administration > Enrichment Management > Enrichment Tools.
Search and select the NVD enrichment tool.
Click Add Account and enter the following details:
Account Name: Enter a unique account name to identify the instance. For example, NVD Enrichment.
Base URL: Enter the base URL of your NVD instance. The default base URL is
https://services.nvd.nist.gov/rest/json/cves/2.0.API Key (Optional): Enter the API key of your NVD account to authenticate communication between the Intel Exchange and NVD servers.
Verify SSL: Select Verify SSL to verify the SSL certificate and secure the connection between Intel Exchange and the NVD servers. By default, Verify SSL is selected.
Note
We recommend you enable Verify SSL. If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection.
Click Save.
After you save the account, you can enable the vulnerability enrichment type to use NVD to enrich vulnerabilities.
After adding an account successfully, you can view and enable the vulnerability enrichment type. Additionally, you can configure Quota to restrict the number of enrichment requests sent from Intel Exchange to NVD. After the quota expires, you cannot make enrichment requests until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.
To understand the number of API calls and quota units consumed by the NVD enrichment tool per polling, refer to the following table.
You can configure an enrichment policy to automatically enrich threat data objects using the NVD enrichment tool. For more information, see Configure Enrichment Policy.
Enable NVD Enrichment Type
After successfully adding an account, you can view and enable the NVD feed enrichment type.
Configure Enrichment Quota
You can also configure a quota to define a limit to the number of enrichment requests Intel Exchange makes to NVD. After the quota expires, you cannot make enrichment requests until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.
The following table shows the number of API calls and quota units consumed by the NVD enrichment tool for each enrichment:
Enrichment Tool | Feed Enrichment Type | No. of API calls | Quota Consumed |
|---|---|---|---|
NVD | Retrieve Vulnerabilities Detail | 1 | 1 |
You can configure an enrichment policy to automatically enrich threat data objects using the PolySwarm enrichment tool. For more information, see Enrichment Policy.
Enrich Threat Data Object
You can use the National Vulnerability Database (NVD) to enrich vulnerability threat data objects with standardized vulnerability details, references, and contextual information to support automation and compliance.
To enrich a threat data object using NVD, follow these steps:
Go to Main Menu > Collection > Threat Data and filter threat data objects by Indicator object type.
Select the object you want to enrich.
Note
NVD enrichment is available only for Vulnerability threat data objects.
In the Enrichment tab, select NVD under Enrichment Details, then click Enrich.
You can view the enrichment details in Enrichment Payload. You can also click Re-Enrich to enrich the threat data object again.
Enrich Object in Threat Investigation Canvas
Enhance vulnerability data in the Threat Investigation Canvas by interacting directly with nodes. This allows you to gain deeper insights into vulnerability objects and visualize enriched data for more informed analysis.
Before you Start
Ensure that you have Create, View, and Update Threat Investigations permissions.
Steps
To enrich a vulnerability object using the Threat Investigation Canvas, follow these steps:
Go to Main Menu > Analysis > Threat Investigations.
Enter a unique title for the canvas. For example, Vulnerability Analysis.
Click the Add Node icon on the left. You can view the Indicator, Domain Objects, and Observables.
Select the Vulnerability object type required for your investigation, or drag it to the canvas.
Enter the identifier of the vulnerability. For example, CVE-2024-12345.
To enrich the object, right-click the node, expand Enrich, select NVD, and click Enrich.
After a successful enrichment, double-click the node and go to the Enrichments tab to view the enrichment details.