The current implementation of the CISA Known Exploited Vulnerabilities only extracts Vulnerability data from the data feed. As a Threat Intelligence Analyst, I require that the software/platform and vendor data be extracted, and relationships created between the vulnerability and affected software, from this feed and imported. This is so that I can easily report on affected software platforms and pivot to other data sets.
Environment
OS (where OpenCTI server runs): AWS ECS Fargate
OpenCTI version: >=5.2.4
OpenCTI client: 5.2.4
Other environment details:
Expected Output
Infrastructure Objects that reference the affected Software/Platform
Identity Objects/Organization Objects that reference the author of the Software/Platform
Vulnerability Objects that reference the vulnerability
SRO between vulnerability and infrastructure
If the feature request is approved, would you be willing to submit a PR?
Yes - Current: https://github.com/TechBurn0ut/connectors
Hello @TechBurn0ut! As your issue is related to a Community supported connector, feel free to submit your PR. It will probably be accepted after a review.
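The object mapping requested in this issue, sketched as an added example (not code from the connector or from anyone in this thread): one KEV entry becomes a STIX 2.1 Vulnerability, an Identity for the vendor, an Infrastructure for the product, and the `has` relationship between them. The function names, the UUID namespace, the `related-to` link to the vendor and the sample entry are assumptions made for illustration.

```python
import uuid

# Constructed sample in the shape of one KEV catalog entry (values are made up).
SAMPLE_ENTRY = {
    "cveID": "CVE-0000-00000",
    "vendorProject": "ExampleVendor",
    "product": "ExampleProduct",
    "vulnerabilityName": "ExampleVendor ExampleProduct Placeholder Vulnerability",
    "dateAdded": "2022-01-01",
    "shortDescription": "Constructed description for illustration.",
}

# Hypothetical namespace: the same vendor/product always maps to the same id,
# so re-importing the feed updates objects instead of duplicating them.
NAMESPACE = uuid.uuid5(uuid.NAMESPACE_URL, "https://example.invalid/kev-mapping")


def _obj(stix_type, key, ts, **props):
    """Minimal STIX 2.1 object with a deterministic, case-insensitive id."""
    oid = f"{stix_type}--{uuid.uuid5(NAMESPACE, f'{stix_type}|{key.lower()}')}"
    return {"type": stix_type, "spec_version": "2.1", "id": oid,
            "created": ts, "modified": ts, **props}


def _rel(src, rel_type, dst, ts):
    """STIX Relationship Object (SRO) from src to dst."""
    return _obj("relationship", f"{src['id']}|{rel_type}|{dst['id']}", ts,
                relationship_type=rel_type,
                source_ref=src["id"], target_ref=dst["id"])


def kev_entry_to_stix(entry):
    """Map one KEV entry to vulnerability, vendor, product and their links."""
    ts = f"{entry['dateAdded']}T00:00:00.000Z"
    vendor, product = entry["vendorProject"].strip(), entry["product"].strip()
    cve = entry["cveID"]
    vuln = _obj("vulnerability", cve, ts, name=cve,
                description=entry["shortDescription"],
                external_references=[{"source_name": "cve", "external_id": cve}])
    org = _obj("identity", vendor, ts, name=vendor, identity_class="organization")
    infra = _obj("infrastructure", f"{vendor}|{product}", ts,
                 name=f"{vendor} {product}")
    # STIX 2.1 defines infrastructure -> has -> vulnerability; the vendor link
    # uses the generic related-to type (an assumption, not taken from the issue).
    return [vuln, org, infra, _rel(infra, "has", vuln, ts),
            _rel(infra, "related-to", org, ts)]


def kev_to_bundle(entries):
    """Merge per-entry objects into one bundle, deduplicating by id."""
    seen = {}
    for entry in entries:
        for obj in kev_entry_to_stix(entry):
            seen.setdefault(obj["id"], obj)
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": list(seen.values())}
```

Because ids are derived from the vendor and product names, two KEV entries for the same vendor share one Identity object, which is what makes pivoting from a vendor to all of its affected products possible.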