cisagov / cyhy-core

Core code for Cyber Hygiene (CyHy)

Ingest "known ransomware" data in KEV feed #80

Closed dav3r closed 1 year ago

dav3r commented 1 year ago

🗣 Description

This PR updates cyhy-kevsync to read the recently-added knownRansomwareCampaignUse field from the CISA JSON known_exploited_vulnerabilities_schema and store it in the CyHy KEVDoc database collection.

Additionally, this PR updates the ticket manager to be aware of the new known_ransomware flag in the ticket details (see https://github.com/cisagov/cyhy-core/pull/80/commits/d166237ae7a367b7198b36cbdaa9a4a0eda58fb6). This is in support of the work needed for https://github.com/cisagov/cyhy-system/issues/101 and https://github.com/cisagov/cyhy-system/issues/102.

💭 Motivation and context

In support of the "Ransomware Vulnerability Warning Pilot", this data needs to be pulled into the CyHy database so that it can be reported to CyHy stakeholders.

Resolves https://github.com/cisagov/cyhy-system/issues/100.

🧪 Testing

I deployed these changes to a development environment, ran cyhy-kevsync, and confirmed that it ran successfully:

$ sudo grep kevsync /var/log/syslog
Oct 19 14:57:03 database1 CRON[28154]: (cyhy) CMD (/usr/local/bin/cyhy-kevsync 2>&1 | /usr/bin/logger -t cyhy-kevsync)
Oct 19 14:57:04 database1 cyhy-kevsync: Imported 1022 KEV entries, 184 are known ransomware.

I also checked the database and verified that the new field was being ingested as expected:

> db.kevs.findOne()
{ "_id" : "CVE-2019-0841", "known_ransomware" : true }
> db.kevs.count()
1022
> db.kevs.count({"known_ransomware": true})
184
> db.kevs.count({"known_ransomware": false})
838

✅ Pre-approval checklist

✅ Post-merge checklist
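To illustrate what the description above says cyhy-kevsync now does (read knownRansomwareCampaignUse from the CISA KEV JSON and store a boolean known_ransomware per CVE), here is an added example that is not cyhy-core's code. It assumes the feed's top-level "vulnerabilities" array and the "cveID" / "knownRansomwareCampaignUse" field names from the CISA schema; the sample feed, the placeholder CVE IDs and the handling of entries that lack the field are constructed for the example.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample shaped like the CISA KEV JSON feed (not a real download).
# Field names follow the known_exploited_vulnerabilities_schema; the CVE IDs
# ending in 0000/0001 are placeholders, not real catalog entries.
SAMPLE_KEV_JSON = json.dumps(
    {
        "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
        "catalogVersion": "example",
        "count": 3,
        "vulnerabilities": [
            {"cveID": "CVE-2019-0841", "knownRansomwareCampaignUse": "Known"},
            {"cveID": "CVE-0000-0000", "knownRansomwareCampaignUse": "Unknown"},
            {"cveID": "CVE-0000-0001"},  # constructed: entry without the new field
        ],
    }
)


def known_ransomware_flag(entry: Dict[str, object]) -> bool:
    """Map the feed's knownRansomwareCampaignUse string to a boolean.

    Only the literal value "Known" (case-insensitive) becomes True. "Unknown",
    any unexpected value, and a missing field all become False, so an entry
    that predates the field can never be flagged as ransomware by accident.
    """
    value = entry.get("knownRansomwareCampaignUse", "")
    return str(value).strip().lower() == "known"


def parse_kev_feed(raw_json: str) -> List[Dict[str, object]]:
    """Convert the raw feed into documents shaped like the db.kevs collection."""
    data = json.loads(raw_json)
    docs: List[Dict[str, object]] = []
    seen = set()
    for entry in data.get("vulnerabilities", []):
        cve_id = entry.get("cveID")
        # Skip malformed entries and duplicates; _id must be unique in the collection.
        if not cve_id or cve_id in seen:
            continue
        seen.add(cve_id)
        docs.append({"_id": cve_id, "known_ransomware": known_ransomware_flag(entry)})
    return docs


def summarize(docs: List[Dict[str, object]]) -> Tuple[int, int]:
    """Return (total entries, entries flagged as known ransomware)."""
    total = len(docs)
    ransomware = sum(1 for d in docs if d["known_ransomware"])
    return total, ransomware


def import_summary_line(docs: List[Dict[str, object]]) -> str:
    """Build a log line in the same shape as the syslog message in the PR."""
    total, ransomware = summarize(docs)
    return f"Imported {total} KEV entries, {ransomware} are known ransomware."


if __name__ == "__main__":
    kev_docs = parse_kev_feed(SAMPLE_KEV_JSON)
    for doc in kev_docs:
        print(doc)
    print(import_summary_line(kev_docs))
```

In a real sync the documents would be upserted into the kevs collection keyed on _id, so a CVE whose ransomware status changes between feed pulls is updated rather than duplicated; the defensive default of False for a missing field is the part worth keeping, since a reporting pipeline should only assert "known ransomware" when the feed explicitly says so.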

dav3r commented 1 year ago

Thanks @mcdonnnj for the solid suggestions. 👍 I'm clearly a little rusty with my Python. 😳

dav3r commented 1 year ago

Re-requesting review after the addition of https://github.com/cisagov/cyhy-core/pull/80/commits/d166237ae7a367b7198b36cbdaa9a4a0eda58fb6, which is needed in order to support https://github.com/cisagov/cyhy-system/issues/101 and https://github.com/cisagov/cyhy-system/issues/102.

I also updated this PR's description to mention this additional change.

dav3r commented 1 year ago

These changes have been deployed to Production. I manually ran cyhy-kevsync to pull in the new known_ransomware data and verified that it worked as expected. I will also check the database today to ensure that tickets are getting updated appropriately with the new known_ransomware flag.