OpenCVE#
README
OpenCVE Analyzer#
Enrich a cve observable with vulnerability data from OpenCVE.
OpenCVE aggregates CVE information from several providers (NVD, Red Hat, CISA, FIRST, ...) and exposes it through a REST API. This analyzer queries that API for a given CVE and reports its CVSS metrics, CISA KEV status, EPSS score, CWE weaknesses and the affected vendors and products. Unlike the existing Vulners analyzer, OpenCVE is free to use and can also be self-hosted.
Supported observable#
cve(for exampleCVE-2021-44228)
Requirements#
You need an OpenCVE account and an organization API token:
- Create a free account at app.opencve.io. The Free plan includes API access (100 calls/hour).
- Open your organization settings and generate an API token.
- Provide it to the analyzer through the
tokenconfiguration option.
If you run your own OpenCVE instance, set base_url to its API endpoint. The default is
https://app.opencve.io/api.
Configuration#
| Name | Description | Required | Default |
|---|---|---|---|
token |
OpenCVE organization API token (Bearer). | yes | |
base_url |
OpenCVE API base URL. | no | https://app.opencve.io/api |
OpenCVE#
Author: Ali Bhutto
License: AGPL-V3
Version: 1.0
Supported observables types:
- cve
Registration required: True
Subscription required: False
Free subscription: True
Third party service: https://www.opencve.io
Description#
Enrich a CVE with OpenCVE data: CVSS metrics, CISA KEV status, EPSS score, CWE weaknesses and affected vendors/products.
Configuration#
| token | OpenCVE organization API token (Bearer). Create one for free at app.opencve.io under your organization settings. |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| base_url | OpenCVE API base URL. Keep the default for the hosted instance, or set it to your self-hosted OpenCVE API. |
|---|---|
| Default value if not configured | https://app.opencve.io/api |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.