vulnerability

package
v0.7.6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 25, 2025 License: BSD-3-Clause, GPL-3.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

// ThresholdNVD is the threshold that decides which values are returned from a
// query.
//
// NOTE(review): presumably this is compared against the search match score in
// VulnerabilitiesLookup. It is a compile-time constant, so tuning the balance
// between false positives and missed matches needs a rebuild - confirm.
const ThresholdNVD = 1.5

Variables

// Decoder is the abstract decoder that registers the "Vulnerability" audit
// record type. Its hooks only manage the package logger: PostInit creates it,
// DeInit flushes it.
var Decoder = &decoder.AbstractDecoder{
	Type:        types.Type_NC_Vulnerability,
	Name:        "Vulnerability",
	Description: "A vulnerability associated with a software product observed on the network",

	// PostInit sets up the package-level vulnLog from the decoder
	// configuration (output location and debug flag).
	PostInit: func(_ *decoder.AbstractDecoder) error {
		var err error

		// The second value returned by InitZapLogger is intentionally not kept.
		// NOTE(review): if that value is a handle that needs closing, nothing
		// in this block closes it - confirm against logging.InitZapLogger.
		vulnLog, _, err = logging.InitZapLogger(
			decoderconfig.Instance.Out,
			"vulnerability",
			decoderconfig.Instance.Debug,
		)

		return err
	},

	// DeInit flushes buffered log entries.
	// NOTE(review): vulnLog is used without a check here, so this assumes
	// PostInit ran and succeeded before DeInit is called - confirm.
	DeInit: func(_ *decoder.AbstractDecoder) error {
		return vulnLog.Sync()
	},
}

Decoder for protocol analysis and writing audit records to disk.

Functions

func ResetVulnStore added in v0.7.6

func ResetVulnStore()

ResetVulnStore clears the vulnerability deduplication store. This should be called when resetting state between processing different files.

func VulnerabilitiesLookup

func VulnerabilitiesLookup(software *types.Software)

VulnerabilitiesLookup searches for known vulnerabilities in the indexed bleve database. TODO: make the threshold configurable on the command line; add a caching layer to avoid repeating matching operations.

Types

type NVDVulnerabilityItems

// NVDVulnerabilityItems represents the structure of an NVD vulnerability JSON
// file: a small feed header followed by a list of CVE items. The json tags
// carry the key names used in that file.
//
// NOTE(review): all content decoded into this struct originates from an
// external data file; descriptions and reference URLs should be treated as
// untrusted text when they are logged, rendered or followed.
type NVDVulnerabilityItems struct {
	// Feed header. Every header value, including the CVE count, is decoded as
	// a string.
	CVEDataType         string `json:"CVE_data_type"`
	CVEDataFormat       string `json:"CVE_data_format"`
	CVEDataVersion      string `json:"CVE_data_version"`
	CVEDataNumberOfCVEs string `json:"CVE_data_numberOfCVEs"`
	CVEDataTimestamp    string `json:"CVE_data_timestamp"`
	// CVEItems holds the entries of the file; each element bundles the CVE
	// description, the affected configurations, the impact metrics and dates.
	CVEItems            []struct {
		Cve struct {
			DataType    string `json:"data_type"`
			DataFormat  string `json:"data_format"`
			DataVersion string `json:"data_version"`
			// CVEDataMeta carries the identifier of the entry and its assigner.
			CVEDataMeta struct {
				ID       string `json:"ID"`
				ASSIGNER string `json:"ASSIGNER"`
			} `json:"CVE_data_meta"`
			// Problemtype lists problem type descriptions as language/value
			// pairs (presumably CWE identifiers - confirm against the feed).
			Problemtype struct {
				ProblemtypeData []struct {
					Description []struct {
						Lang  string `json:"lang"`
						Value string `json:"value"`
					} `json:"description"`
				} `json:"problemtype_data"`
			} `json:"problemtype"`
			// References lists external links attached to the entry.
			References struct {
				ReferenceData []struct {
					URL       string   `json:"url"`
					Name      string   `json:"name"`
					Refsource string   `json:"refsource"`
					Tags      []string `json:"tags"`
				} `json:"reference_data"`
			} `json:"references"`
			// Description holds the free-text descriptions, one per language.
			Description struct {
				DescriptionData []struct {
					Lang  string `json:"lang"`
					Value string `json:"value"`
				} `json:"description_data"`
			} `json:"description"`
		} `json:"cve"`
		// Configurations describes the affected products as CPE match
		// expressions grouped into nodes joined by an operator.
		//
		// NOTE(review): only versionEndExcluding and versionStartIncluding are
		// modelled. The NVD JSON feed schema also defines versionEndIncluding
		// and versionStartExcluding, and nodes may nest further nodes under
		// "children"; keys without a field here are presumably dropped during
		// decoding, so version-range checks built on this struct may be
		// incomplete - confirm against the decoder and the feed in use.
		Configurations struct {
			CVEDataVersion string `json:"CVE_data_version"`
			Nodes          []struct {
				Operator string `json:"operator"`
				CpeMatch []struct {
					Vulnerable            bool   `json:"vulnerable"`
					Cpe23URI              string `json:"cpe23Uri"`
					VersionEndExcluding   string `json:"versionEndExcluding"`
					VersionStartIncluding string `json:"versionStartIncluding,omitempty"`
				} `json:"cpe_match"`
			} `json:"nodes"`
		} `json:"configurations"`
		// Impact carries the CVSS v3 and CVSS v2 base metrics side by side.
		// NOTE(review): an entry that lacks one of the two metric sets leaves
		// that set at its zero values (score 0, empty strings), which is
		// indistinguishable from a real score of 0 - confirm callers account
		// for this.
		Impact struct {
			BaseMetricV3 struct {
				CvssV3 struct {
					Version               string  `json:"version"`
					VectorString          string  `json:"vectorString"`
					AttackVector          string  `json:"attackVector"`
					AttackComplexity      string  `json:"attackComplexity"`
					PrivilegesRequired    string  `json:"privilegesRequired"`
					UserInteraction       string  `json:"userInteraction"`
					Scope                 string  `json:"scope"`
					ConfidentialityImpact string  `json:"confidentialityImpact"`
					IntegrityImpact       string  `json:"integrityImpact"`
					AvailabilityImpact    string  `json:"availabilityImpact"`
					BaseScore             float64 `json:"baseScore"`
					BaseSeverity          string  `json:"baseSeverity"`
				} `json:"cvssV3"`
				ExploitabilityScore float64 `json:"exploitabilityScore"`
				ImpactScore         float64 `json:"impactScore"`
			} `json:"baseMetricV3"`
			BaseMetricV2 struct {
				CvssV2 struct {
					Version               string  `json:"version"`
					VectorString          string  `json:"vectorString"`
					AccessVector          string  `json:"accessVector"`
					AccessComplexity      string  `json:"accessComplexity"`
					Authentication        string  `json:"authentication"`
					ConfidentialityImpact string  `json:"confidentialityImpact"`
					IntegrityImpact       string  `json:"integrityImpact"`
					AvailabilityImpact    string  `json:"availabilityImpact"`
					BaseScore             float64 `json:"baseScore"`
				} `json:"cvssV2"`
				Severity                string  `json:"severity"`
				ExploitabilityScore     float64 `json:"exploitabilityScore"`
				ImpactScore             float64 `json:"impactScore"`
				AcInsufInfo             bool    `json:"acInsufInfo"`
				ObtainAllPrivilege      bool    `json:"obtainAllPrivilege"`
				ObtainUserPrivilege     bool    `json:"obtainUserPrivilege"`
				ObtainOtherPrivilege    bool    `json:"obtainOtherPrivilege"`
				UserInteractionRequired bool    `json:"userInteractionRequired"`
			} `json:"baseMetricV2"`
		} `json:"impact"`
		// Dates are kept as the strings found in the file; no time parsing
		// happens at decode time.
		PublishedDate    string `json:"publishedDate"`
		LastModifiedDate string `json:"lastModifiedDate"`
	} `json:"CVE_Items"`
}

NVDVulnerabilityItems represents the structure of an NVD vulnerability JSON file.
