If you’re interested in using PowerShell you could do the following:

    # Download the feed and parse the response body as XML
    [xml]$vulninfo = (Invoke-WebRequest -Uri "http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-recent.xml").Content
    $entry = $vulninfo.nvd.entry
    $temphostobject = @()
    $vulnhostobject = @()

    #loop through each entry node
    ForEach($cves in $entry){
        # Cast to [double]: the XML value is a string, so "10.0" -gt 7 would otherwise compare as text
        IF([double]$cves.cvss.'base_metrics'.score -gt 7){
            $objectproperties = @{
                cve     = $($cves.'cve-id')
                cvss    = $($cves.cvss.'base_metrics'.score)
                summary = $($cves.summary)
            }
            $temphostobject = New-Object PSObject -Property $objectproperties
            $vulnhostobject += $temphostobject
        }
    }
    $vulnhostobject | ft

I could add some features and make it an advanced function, but this should give you an object that you can return and add to another function or do other fun stuff with.

Let me know if you need any other help.

Thanks,
Josh Rickard
Security Analyst
Information Security and Access Management
Division of Information Technology
University of Missouri
(573) 884-6280 | ricka...@missouri.edu
ACA | GCWN | GCFA

From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] On Behalf Of Aleksey Tsalolikhin
Sent: Monday, August 17, 2015 8:57 PM
To: t...@lopsa.org
Subject: [lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST

Hello,

I want to get a list of Critical (CVSS > 7) CVE's for a security vulnerability assessment for a client.

Scored CVEs are available from https://nvd.nist.gov/download.cfm through a set of XML feeds.

The nice NIST web site says: A common way to use the feeds is to perform a one-time import of all of the main XML vulnerability feeds and then use the "modified" feeds to keep up-to-date.

I thought I'd start out by figuring out how to convert the 2015 XML to CSV. I got halfway there:

    $ xml2 < nvdcve-2.0-2015.xml > nvdcve-2.0-2015.flat
    $ 2csv < nvdcve-2.0-2015.flat > nvdcve-2.0-2015.csv
    usage: 2csv record field [field ...] < in > csv
    $

There is no documentation for 2csv that I could find... I'm now banging my head against it, trial and error... I might end up just grepping the data I need out of the flat file.

All I'm looking for is CVE ID, Summary and CVSS score.

Has anybody been down this path already?

--
Need CFEngine training? Email train...@verticalsysadmin.com
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
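
An added example, not written by either poster: the XML-to-CSV extraction asked about in this thread (CVE ID, CVSS score, summary for CVSS > 7), done in Python by streaming the feed, matching elements by local name so namespace prefixes do not matter, and comparing the score as a number. The sample feed, its IDs and its namespace URIs are constructed; the element names (`entry`, `cve-id`, `cvss`, `base_metrics`, `score`, `summary`) are assumed from the property names in the PowerShell above.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample shaped like an NVD 2.0 feed; IDs, text and namespace URIs are made up.
SAMPLE_FEED = b"""<nvd xmlns="urn:example:feed" xmlns:vuln="urn:example:vuln" xmlns:cvss="urn:example:cvss">
<entry id="CVE-0000-0001"><vuln:cve-id>CVE-0000-0001</vuln:cve-id>
  <vuln:cvss><cvss:base_metrics><cvss:score>10.0</cvss:score></cvss:base_metrics></vuln:cvss>
  <vuln:summary>Constructed entry, "quoted", with a comma</vuln:summary></entry>
<entry id="CVE-0000-0002"><vuln:cve-id>CVE-0000-0002</vuln:cve-id>
  <vuln:cvss><cvss:base_metrics><cvss:score>7.0</cvss:score></cvss:base_metrics></vuln:cvss>
  <vuln:summary>Constructed entry exactly at the threshold</vuln:summary></entry>
<entry id="CVE-0000-0003"><vuln:cve-id>CVE-0000-0003</vuln:cve-id>
  <vuln:summary>Constructed entry with no CVSS score yet</vuln:summary></entry>
<entry id="CVE-0000-0004"><vuln:cve-id>CVE-0000-0004</vuln:cve-id>
  <vuln:cvss><cvss:base_metrics><cvss:score>7.5</cvss:score></cvss:base_metrics></vuln:cvss>
  <vuln:summary>Constructed entry just above the threshold</vuln:summary></entry>
</nvd>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def find_text(elem, *path):
    """Follow a path of local names below elem; return the text, or None if absent."""
    for name in path:
        elem = next((child for child in elem if local(child.tag) == name), None)
        if elem is None:
            return None
    return (elem.text or "").strip()

def high_cves(source, threshold=7.0):
    """Yield (cve, cvss, summary) for entries scoring strictly above threshold."""
    for _, elem in ET.iterparse(source, events=("end",)):
        if local(elem.tag) != "entry":
            continue
        try:
            score = float(find_text(elem, "cvss", "base_metrics", "score"))
        except (TypeError, ValueError):
            score = None  # entry has no usable score yet; skip it
        if score is not None and score > threshold:
            yield find_text(elem, "cve-id"), score, find_text(elem, "summary")
        elem.clear()  # release the finished entry so a full-year feed stays small in memory

def to_csv(source, threshold=7.0):
    """Return the matching entries as CSV text with a header row."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["cve", "cvss", "summary"])
    writer.writerows(high_cves(source, threshold))
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(io.BytesIO(SAMPLE_FEED)), end="")
```

`to_csv` also accepts a file path, so a downloaded feed such as `nvdcve-2.0-2015.xml` can be passed directly in place of the in-memory sample.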