Importing CVE Dictionary with CVSS and CPE Mappings

book

Article ID: 158188

calendar_today

Updated On:

Products

Risk Automation Suite

Issue/Introduction

How do CVE's get imported/updated in SRAS?

Resolution

CVE dictionary updates can be obtained from NIST's repository here: http://nvd.nist.gov/download.cfm

Be sure to obtain NVD/CVE XML version 1.2 and that the file specifies that mappings are included.

  1. On the left navigation panel, navigate to "Policies & Controls"-->"Summary"
  2. Select "Import Policy" (on right side half way down)
  3. Locate the "Import CVE Dictionary" box.  (See image below)
  4. Browse to and import the CVE XML file.