Hello, I want to get a list of Critical (CVSS > 7) CVE's for a security vulnerability assessment for a client.
Scored CVEs are available from https://nvd.nist.gov/download.cfm through a set of XML feeds. The nice NIST web site says: A common way to use the feeds is to perform a one-time import of all of the main XML vulnerability feeds and then use the "modified" feeds to keep up-to-date. I thought I'd start out by figuring out how to convert the 2015 XML to CSV. I got halfway there: $ xml2 < nvdcve-2.0-2015.xml > nvdcve-2.0-2015.flat $ 2csv < nvdcve-2.0-2015.flat > nvdcve-2.0-2015.csv usage: 2csv record field [field ...] < in > csv $ There is no documentation for 2csv that I could find... I'm now banging my head against it, trial and error... I might end up just grepping the data I need out of the flat file. All I'm looking for is CVE ID, Summary and CVSS score. Has anybody been down this path already? -- Need CFEngine training? Email train...@verticalsysadmin.com
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
